CVE-2018-1080
pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access
Public Exploits: 0
Exploited in Wild: -
Descriptions
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
Timeline
- 2017-12-04 CVE Reserved
- 2018-06-26 CVE Published
- 2023-11-23 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-284: Improper Access Control
References (6)
URL | Tag | Date
---|---|---
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1080 | Issue Tracking | -
https://pagure.io/freeipa/issue/7453 | Third Party Advisory | -
https://review.gerrithub.io/c/dogtagpki/pki/+/404435 | - | 2019-10-09
https://access.redhat.com/errata/RHSA-2018:1979 | - | 2019-10-09
https://access.redhat.com/security/cve/CVE-2018-1080 | - | 2018-06-26
https://bugzilla.redhat.com/show_bug.cgi?id=1556657 | - | 2018-06-26
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Dogtagpki | Dogtagpki | <= 10.6.1 | - | Affected