CVE-2023-4727

EPSS 0.04%
Veröffentlicht 11.06.2024 20:15:09
Zuletzt bearbeitet 21.11.2024 08:35:50
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://www.keycloak.org/

≫

Paket keycloak

Default Statusunaffected

Version < 11.5.1

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Certificate System 10.4 EUS for RHEL-8

Default Statusaffected

Version < *

Version 8060020240529205458.07fb4edf

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

Version < *

Version 0:10.5.18-32.el7_9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 8100020240614102443.82f485b7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 8040020240329193548.17df0a3f

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Default Statusaffected

Version < *

Version 8040020240329193548.17df0a3f

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 8040020240329193548.17df0a3f

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 8060020240329182634.60523a7b

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 8060020240329182634.60523a7b

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 8060020240329182634.60523a7b

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version < *

Version 8080020240329143735.693a3987

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:11.5.0-2.el9_4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:11.0.6-3.el9_0

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version < *

Version 0:11.3.0-2.el9_2

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://access.redhat.com/errata/RHSA-2024:4051

https://access.redhat.com/errata/RHSA-2024:4070

https://access.redhat.com/errata/RHSA-2024:4164

https://access.redhat.com/errata/RHSA-2024:4165

https://access.redhat.com/errata/RHSA-2024:4179

https://access.redhat.com/errata/RHSA-2024:4222

https://access.redhat.com/errata/RHSA-2024:4367

https://access.redhat.com/errata/RHSA-2024:4403

https://access.redhat.com/errata/RHSA-2024:4413

https://access.redhat.com/security/cve/CVE-2023-4727

https://bugzilla.redhat.com/show_bug.cgi?id=2232218

https://nvd.nist.gov/vuln/detail/CVE-2023-4727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4727

EUVD