A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Redhat |
|
No data.
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Certificate System 10.4 EUS for RHEL-8 | |||
| redhat-pki:10-8060020240529205458.07fb4edf | cpe:/a:redhat:certificate_system_eus:10.4::el8 | RHSA-2024:4070 | 2024-06-24T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| pki-core-0:10.5.18-32.el7_9 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2024:4222 | 2024-07-02T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| pki-core:10.6-8100020240614102443.82f485b7 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2024:4367 | 2024-07-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | |||
| pki-core:10.6-8040020240329193548.17df0a3f | cpe:/a:redhat:rhel_aus:8.4 | RHSA-2024:4164 | 2024-06-27T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | |||
| pki-core:10.6-8040020240329193548.17df0a3f | cpe:/a:redhat:rhel_tus:8.4 | RHSA-2024:4164 | 2024-06-27T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | |||
| pki-core:10.6-8040020240329193548.17df0a3f | cpe:/a:redhat:rhel_e4s:8.4 | RHSA-2024:4164 | 2024-06-27T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | |||
| pki-core:10.6-8060020240329182634.60523a7b | cpe:/a:redhat:rhel_aus:8.6 | RHSA-2024:4403 | 2024-07-09T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | |||
| pki-core:10.6-8060020240329182634.60523a7b | cpe:/a:redhat:rhel_tus:8.6 | RHSA-2024:4403 | 2024-07-09T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | |||
| pki-core:10.6-8060020240329182634.60523a7b | cpe:/a:redhat:rhel_e4s:8.6 | RHSA-2024:4403 | 2024-07-09T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | |||
| pki-core:10.6-8080020240329143735.693a3987 | cpe:/a:redhat:rhel_eus:8.8 | RHSA-2024:4179 | 2024-07-01T00:00:00Z |
| Red Hat Enterprise Linux 9 | |||
| pki-core-0:11.5.0-2.el9_4 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2024:4165 | 2024-06-27T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | |||
| pki-core-0:11.0.6-3.el9_0 | cpe:/a:redhat:rhel_e4s:9.0 | RHSA-2024:4413 | 2024-07-09T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | |||
| pki-core-0:11.3.0-2.el9_2 | cpe:/a:redhat:rhel_eus:9.2 | RHSA-2024:4051 | 2024-06-23T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-06-11T19:30:25.613Z
Updated: 2024-09-16T18:37:26.339Z
Reserved: 2023-09-01T20:44:55.077Z
Link: CVE-2023-4727
Vulnrichment
Updated: 2024-08-02T07:38:00.502Z
NVD
Status : Awaiting Analysis
Published: 2024-06-11T20:15:09.733
Modified: 2024-07-09T12:15:10.393
Link: CVE-2023-4727
Redhat