High severity · 7.5 · NVD Advisory · Published Jun 11, 2024 · Updated Apr 15, 2026
CVE-2023-4727
Description
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
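An added example, not code from dogtag-pki or from this advisory: it shows why an unescaped `*` placed into an LDAP equality filter matches every stored session, and how RFC 4515 escaping makes the value match literally. The attribute names, the sample entries and the small in-memory filter evaluator are constructed assumptions.

```python
import re

# Constructed sample session entries; attribute names are assumptions.
SESSIONS = [
    {"sessionID": "a81f3c", "uid": "alice"},
    {"sessionID": "77be02", "uid": "bob"},
]

def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def naive_filter(session_id):
    # Vulnerable pattern: request input concatenated into the filter.
    return "(sessionID=%s)" % session_id

def safe_filter(session_id):
    # Hardened pattern: filter metacharacters become \XX hex escapes.
    return "(sessionID=%s)" % escape_filter_value(session_id)

def search(ldap_filter):
    """Toy evaluator for one (attr=value) filter over SESSIONS.
    An unescaped '*' is a wildcard; '\\XX' is one literal character."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if m is None:
        raise ValueError("unsupported filter")
    attr, value = m.groups()
    pattern, i = "", 0
    while i < len(value):
        if value[i] == "*":
            pattern, i = pattern + ".*", i + 1
        elif value[i] == "\\":
            pattern, i = pattern + re.escape(chr(int(value[i + 1:i + 3], 16))), i + 3
        else:
            pattern, i = pattern + re.escape(value[i]), i + 1
    return [e for e in SESSIONS if re.fullmatch(pattern, e.get(attr, ""), re.S)]

def lookup_session(session_id):
    """Return the uid owning session_id, or None unless exactly one entry matches."""
    hits = search(safe_filter(session_id))
    return hits[0]["uid"] if len(hits) == 1 else None

if __name__ == "__main__":
    print(len(search(naive_filter("*"))))   # wildcard matches every session
    print(search(safe_filter("*")))         # escaped: no session is literally "*"
    print(lookup_session("77be02"))         # a real ID still resolves to one entry
```

Requiring exactly one match in `lookup_session` is a second check on top of escaping: a lookup that returns several sessions is rejected rather than resolved to the first hit.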
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2024:4051 (nvd)
- access.redhat.com/errata/RHSA-2024:4070 (nvd)
- access.redhat.com/errata/RHSA-2024:4164 (nvd)
- access.redhat.com/errata/RHSA-2024:4165 (nvd)
- access.redhat.com/errata/RHSA-2024:4179 (nvd)
- access.redhat.com/errata/RHSA-2024:4222 (nvd)
- access.redhat.com/errata/RHSA-2024:4367 (nvd)
- access.redhat.com/errata/RHSA-2024:4403 (nvd)
- access.redhat.com/errata/RHSA-2024:4413 (nvd)
- access.redhat.com/security/cve/CVE-2023-4727 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)