High severity 7.5 · NVD Advisory · Published Jun 11, 2024 · Updated Apr 15, 2026
CVE-2023-4727
Description
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Affected products (21)
- osv-coords, 18 versions:
  - pkg:rpm/almalinux/idm-jss
  - pkg:rpm/almalinux/idm-jss-javadoc
  - pkg:rpm/almalinux/idm-ldapjdk
  - pkg:rpm/almalinux/idm-ldapjdk-javadoc
  - pkg:rpm/almalinux/idm-pki-acme
  - pkg:rpm/almalinux/idm-pki-base
  - pkg:rpm/almalinux/idm-pki-base-java
  - pkg:rpm/almalinux/idm-pki-ca
  - pkg:rpm/almalinux/idm-pki-est
  - pkg:rpm/almalinux/idm-pki-java
  - pkg:rpm/almalinux/idm-pki-kra
  - pkg:rpm/almalinux/idm-pki-server
  - pkg:rpm/almalinux/idm-pki-symkey
  - pkg:rpm/almalinux/idm-pki-tools
  - pkg:rpm/almalinux/idm-tomcatjss
  - pkg:rpm/almalinux/python3-idm-pki
  - pkg:rpm/almalinux/resteasy
  - pkg:rpm/almalinux/resteasy-javadoc
- (no CPE) range: < 4.11.0-1.module_el8.10.0+3801+17b19a60
- (no CPE) range: < 4.11.0-1.module_el8.10.0+3801+17b19a60
- (no CPE) range: < 4.24.0-1.module_el8.10.0+3801+17b19a60
- (no CPE) range: < 4.24.0-1.module_el8.10.0+3801+17b19a60
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 10.15.1-1.module_el8.10.0+3868+cdab0fd8
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 10.15.1-1.module_el8.10.0+3868+cdab0fd8
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 7.8.0-1.module_el8.10.0+3801+17b19a60
- (no CPE) range: < 11.5.0-2.el9_4.alma.1
- (no CPE) range: < 3.0.26-7.module_el8.10.0+3808+9d4ab1fb
- (no CPE) range: < 3.0.26-7.module_el8.10.0+3808+9d4ab1fb
References (11)
- access.redhat.com/errata/RHSA-2024:4051 (nvd)
- access.redhat.com/errata/RHSA-2024:4070 (nvd)
- access.redhat.com/errata/RHSA-2024:4164 (nvd)
- access.redhat.com/errata/RHSA-2024:4165 (nvd)
- access.redhat.com/errata/RHSA-2024:4179 (nvd)
- access.redhat.com/errata/RHSA-2024:4222 (nvd)
- access.redhat.com/errata/RHSA-2024:4367 (nvd)
- access.redhat.com/errata/RHSA-2024:4403 (nvd)
- access.redhat.com/errata/RHSA-2024:4413 (nvd)
- access.redhat.com/security/cve/CVE-2023-4727 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)