rpm package
almalinux/idm-pki-est
pkg:rpm/almalinux/idm-pki-est
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4727 | High | 7.5 | | < 11.5.0-2.el9_4.alma.1 | 11.5.0-2.el9_4.alma.1 | Jun 11, 2024 | A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal |
| CVE-2022-2393 | — | | | < 11.3.0-1.el9 | 11.3.0-1.el9 | Jul 14, 2022 | A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but |