CVE-2021-20179

Published: 15/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Vulnerable Product

dogtagpki dogtagpki

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat certificate system 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser (CVE-2019-10146). It was found that the Key Recovery Authority (KRA) Agent Se ...
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity ...