8.1

CVE-2021-20179

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Data is provided by the National Vulnerability Database (NVD)
DogtagpkiDogtagpki Version < 10.5.0
DogtagpkiDogtagpki Version >= 10.5.1 < 10.8.0
DogtagpkiDogtagpki Version >= 10.8.1 < 10.9.0
DogtagpkiDogtagpki Version >= 10.9.1 < 10.10.0
DogtagpkiDogtagpki Version >= 10.10.1 < 10.11.0
RedhatCertificate System Version10.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
FedoraprojectFedora Version32
FedoraprojectFedora Version33
FedoraprojectFedora Version34
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.598
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://bugzilla.redhat.com/show_bug.cgi?id=1914379
Patch
Third Party Advisory
Issue Tracking
https://github.com/dogtagpki/pki/pull/3474
Patch
Third Party Advisory
https://github.com/dogtagpki/pki/pull/3475
Patch
Third Party Advisory
https://github.com/dogtagpki/pki/pull/3476
Patch
Third Party Advisory
https://github.com/dogtagpki/pki/pull/3477
Patch
Third Party Advisory
https://github.com/dogtagpki/pki/pull/3478
Patch
Third Party Advisory