In Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.
History
Thu, 17 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | | ssvc |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-03T00:00:00
Updated: 2024-10-17T16:37:58.366Z
Reserved: 2023-05-30T00:00:00
Link: CVE-2023-34196
Vulnrichment
Updated: 2024-08-02T16:01:54.234Z
NVD
Status: Modified
Published: 2023-08-03T03:15:10.480
Modified: 2024-11-21T08:06:45.250
Link: CVE-2023-34196
Redhat
No data.