rpm package
almalinux/idm-pki-base
pkg:rpm/almalinux/idm-pki-base
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4727 | High | 7.5 | | < 11.5.0-2.el9_4.alma.1 | 11.5.0-2.el9_4.alma.1 | Jun 11, 2024 | A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal |
| CVE-2022-2414 | — | | | < 10.12.0-4.module_el8.7.0+3316+50b99934 | 10.12.0-4.module_el8.7.0+3316+50b99934 | Jul 29, 2022 | Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. |
| CVE-2022-2393 | — | | | < 11.3.0-1.el9 | 11.3.0-1.el9 | Jul 14, 2022 | A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but |