CVE-2023-4727
Ca: token authentication bypass vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Se encontró una falla en dogtag-pki y pki-core. El esquema de autenticación de token se puede omitir con una inyección LDAP. Al pasar el parámetro de cadena de consulta sessionID=*, un atacante puede autenticarse con una sesión existente guardada en el servidor de directorio LDAP, lo que puede conducir a una escalada de privilegios.
*Credits:
Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-01 CVE Reserved
- 2024-06-11 CVE Published
- 2024-06-28 EPSS Updated
- 2024-12-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-305: Authentication Bypass by Primary Weakness
CAPEC
References (11)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:4051 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4070 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4164 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4165 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4179 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4222 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4367 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4403 | 2024-07-09 | |
https://access.redhat.com/errata/RHSA-2024:4413 | 2024-07-09 | |
https://access.redhat.com/security/cve/CVE-2023-4727 | 2024-07-09 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2232218 | 2024-07-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Certificate System Search vendor "Redhat" for product "Certificate System" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Certificate System Eus Search vendor "Redhat" for product "Certificate System Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Aus Search vendor "Redhat" for product "Rhel Aus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel E4s Search vendor "Redhat" for product "Rhel E4s" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Tus Search vendor "Redhat" for product "Rhel Tus" | * | - |
Affected
| ||||||
Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
Amazon Search vendor "Amazon" | Linux Search vendor "Amazon" for product "Linux" | * | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Aus Search vendor "Redhat" for product "Rhel Aus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel E4s Search vendor "Redhat" for product "Rhel E4s" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Eus Search vendor "Redhat" for product "Rhel Eus" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Rhel Tus Search vendor "Redhat" for product "Rhel Tus" | * | - |
Affected
| ||||||
Rocky Search vendor "Rocky" | Linux Search vendor "Rocky" for product "Linux" | * | - |
Affected
|