CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-2393 – pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
https://notcve.org/view.php?id=CVE-2022-2393
14 Jul 2022 — A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. Se ha encontrado un fallo en pki-core, que podría permitir a un usuario conseguir un certificado para otra identidad de usuario cuando la autenticación basada en el directorio está... • https://bugzilla.redhat.com/show_bug.cgi?id=2101046 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0234
https://notcve.org/view.php?id=CVE-2015-0234
28 Aug 2017 — Multiple temporary file creation vulnerabilities in pki-core 10.2.0. Existen múltiples vulnerabilidades de creación de archivos temporales en pki-core 10.2.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1183176 • CWE-20: Improper Input Validation •