rpm package
almalinux/idm-jss-javadoc
pkg:rpm/almalinux/idm-jss-javadoc
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4727 | Hig | 7.5 | < 4.11.0-1.module_el8.10.0+3801+17b19a60 | 4.11.0-1.module_el8.10.0+3801+17b19a60 | Jun 11, 2024 | A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal |
- affected < 4.11.0-1.module_el8.10.0+3801+17b19a60fixed 4.11.0-1.module_el8.10.0+3801+17b19a60
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal