CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1672 – Race condition exists in the key generation and rotation functionality
https://notcve.org/view.php?id=CVE-2023-1672
11 Jul 2023 — A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys. • https://access.redhat.com/security/cve/CVE-2023-1672 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4076 – Debian Security Advisory 5025-1
https://notcve.org/view.php?id=CVE-2021-4076
28 Dec 2021 — A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. Se presenta un fallo en tang, un servidor de enlace criptográfico basado en la red, que podría dar lugar a un filtrado de claves privadas A flaw was discovered in tang, a network-based cryptographic binding server, which could result in leak of private keys. • https://bugzilla.redhat.com/show_bug.cgi?id=2029814 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •