CVE-2022-2393 – pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
https://notcve.org/view.php?id=CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. Se ha encontrado un fallo en pki-core, que podría permitir a un usuario conseguir un certificado para otra identidad de usuario cuando la autenticación basada en el directorio está habilitada. Este fallo permite a un atacante autenticado en la red adyacente hacerse pasar por otro usuario dentro del ámbito del dominio, pero no podría descifrar el contenido de los mensajes • https://bugzilla.redhat.com/show_bug.cgi?id=2101046 https://access.redhat.com/security/cve/CVE-2022-2393 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2021-20179 – pki-core: Unprivileged users can renew any certificate
https://notcve.org/view.php?id=CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en pki-core. Un atacante que haya comprometido con éxito una clave podría usar este fallo para renovar el certificado correspondiente una y otra vez, siempre que no se revoque explícitamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1914379 https://github.com/dogtagpki/pki/pull/3474 https://github.com/dogtagpki/pki/pull/3475 https://github.com/dogtagpki/pki/pull/3476 https://github.com/dogtagpki/pki/pull/3477 https://github.com/dogtagpki/pki/pull/3478 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7 • CWE-863: Incorrect Authorization •
CVE-2017-7509 – 8: Enrolling certificate without certreq field causes CA to crash
https://notcve.org/view.php?id=CVE-2017-7509
An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service. Se ha detectado un error de validación de entradas en cómo gestiona Red Hat Certificate System los certificados proporcionados por el cliente en versiones anteriores a la 8.1.20-1. Si el campo certreq no está presente en un certificado, se desencadena un error de aserción que provoca una denegación de servicio (DoS). An input validation error was found in Red Hat Certificate System's handling of client provided certificates. • http://www.securitytracker.com/id/1039248 https://access.redhat.com/errata/RHSA-2017:2560 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509 https://access.redhat.com/security/cve/CVE-2017-7509 https://bugzilla.redhat.com/show_bug.cgi?id=1456030 • CWE-20: Improper Input Validation •
CVE-2012-4543 – System: Multiple cross-site scripting flaws by displaying CRL or processing profile
https://notcve.org/view.php?id=CVE-2012-4543
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Red Hat Certificate System (RHCS) anteriores a v8.1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de(1) pageStart o (2) pageSize sobre el script displayCRL, o (3) variable nonce sobre sobre el script profileProcess. • http://rhn.redhat.com/errata/RHSA-2012-1550.html http://rhn.redhat.com/errata/RHSA-2013-0511.html http://secunia.com/advisories/51482 http://www.securityfocus.com/bid/56843 http://www.securitytracker.com/id?1027846 https://bugzilla.redhat.com/show_bug.cgi?id=864397 https://access.redhat.com/security/cve/CVE-2012-4543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4555 – pki-tps: Temporary denial of service on interrupted token format operations
https://notcve.org/view.php?id=CVE-2012-4555
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors. El sistema de proceso de tokens (pki-tps) en Red Hat Certificate System (RHCS) anteriores a v8.1.3 no manejan de forma adecuada las interrupciones de las operaciones de formateo, lo que permite a atacantes remotos provocar una denegación de servicio(desreferencia a puntero NULL y caída de proceso hijo del servidor web Apache) a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2012-1550.html http://secunia.com/advisories/51482 http://www.securityfocus.com/bid/56843 http://www.securitytracker.com/id?1027846 https://bugzilla.redhat.com/show_bug.cgi?id=869570 https://access.redhat.com/security/cve/CVE-2012-4555 •