Vulnerabilites related to pki-core_project - pki-core
Vulnerability from fkie_nvd
Published
2022-07-14 15:15
Modified
2024-11-21 07:00
Severity ?
Summary
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2101046 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2101046 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pki-core_project | pki-core | * | |
| redhat | certificate_system | 9.0 | |
| redhat | certificate_system | 10.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pki-core_project:pki-core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "025D479C-A4CB-442E-9A89-005CF4567026",
"versionEndIncluding": "10.12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:certificate_system:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F53A5C24-3524-4DC1-B3C8-5D86055BD7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95575E40-9DB8-43CB-B667-46803DAE501F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en pki-core, que podr\u00eda permitir a un usuario conseguir un certificado para otra identidad de usuario cuando la autenticaci\u00f3n basada en el directorio est\u00e1 habilitada. Este fallo permite a un atacante autenticado en la red adyacente hacerse pasar por otro usuario dentro del \u00e1mbito del dominio, pero no podr\u00eda descifrar el contenido de los mensajes"
}
],
"id": "CVE-2022-2393",
"lastModified": "2024-11-21T07:00:54.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-14T15:15:08.133",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple temporary file creation vulnerabilities in pki-core 10.2.0.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1183176 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1183176 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pki-core_project | pki-core | 10.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pki-core_project:pki-core:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A507753-B4F6-492B-8929-6054237D68AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple temporary file creation vulnerabilities in pki-core 10.2.0."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de creaci\u00f3n de archivos temporales en pki-core 10.2.0."
}
],
"id": "CVE-2015-0234",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:12.420",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183176"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-2393 (GCVE-0-2022-2393)
Vulnerability from cvelistv5
Published
2022-07-14 14:53
Modified
2024-08-03 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pki-core",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "pki-core versions 10.12.4 and prior are affected."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:53:46",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2393",
"datePublished": "2022-07-14T14:53:46",
"dateReserved": "2022-07-12T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0234 (GCVE-0-2015-0234)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-06 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple temporary file creation vulnerabilities in pki-core 10.2.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183176"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple temporary file creation vulnerabilities in pki-core 10.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183176"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0234.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0234",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}