VYPR

rpm package

almalinux/idm-pki-kra

pkg:rpm/almalinux/idm-pki-kra

Vulnerabilities (3)

  • CVE-2023-4727HigJun 11, 2024
    affected < 11.5.0-2.el9_4.alma.1fixed 11.5.0-2.el9_4.alma.1

    A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escal

  • CVE-2022-2414Jul 29, 2022
    affected < 10.12.0-4.module_el8.7.0+3316+50b99934fixed 10.12.0-4.module_el8.7.0+3316+50b99934

    Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

  • CVE-2022-2393Jul 14, 2022
    affected < 11.3.0-1.el9fixed 11.3.0-1.el9

    A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but