INFSA-2024:4367: pki-core security update
Information about definition
Identificator: INFSA-2024:4367
Type: security
Release date: 2024-10-10 05:33:53 UTC
Information about package
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Vulnerabilities description
- CVE-2023-4727
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-4727
|
no information | 7.5 | no information |
Updated packages