CVE-2022-2414

Published: 29/07/2022 Updated: 04/08/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote malicious user to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Vulnerable Product

dogtagpki dogtagpki 10.5.18

dogtagpki dogtagpki 10.7.4

dogtagpki dogtagpki 10.8.3

dogtagpki dogtagpki 10.11.2

dogtagpki dogtagpki 10.12.4

dogtagpki dogtagpki 11.0.5

dogtagpki dogtagpki 11.1.0

Vendor Advisories

Debian Bug report logs - #1014957 dogtag-pki: CVE-2022-2414. Package: src:dogtag-pki; Maintainer for src:dogtag-pki is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 15 Jul 2022 10:30:01 UTC; Severity: grave; Tags: security ...
Synopsis: Important: pki-core security update. Type/Severity: Security Advisory: Important. Topic: An update for pki-core is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having ...
Synopsis: Important: Red Hat Certificate System 9.7 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Certificate System 9.7. Red Hat Product Security has rated this upda ...
Synopsis: Important: pki-core:10.6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Pr ...
Synopsis: Important: pki-core:10.6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat E ...
Synopsis: Important: pki-core security update. Type/Severity: Security Advisory: Important. Topic: An update for pki-core is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having ...
Synopsis: Important: pki-core:10.6 security update. Type/Severity: Security Advisory: Important. Topic: An update for the pki-core:10.6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Pr ...
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests (CVE-2022-2414) ...

Github Repositories

CVE-2022-2414-POC: Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests (It does "potentially" confirmed) portswigger.net/daily-swig/vulnerability-in-open-source-identity-manage

CVE-2022-2414 POC

CVE-2022-2414: CVE-2022-2414 POC. Replace YOUR_HOST with your target, like the URL below: url = "example.com/ca/rest/certrequests"

A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

CVE-2022-2414-Proof-Of-Concept: A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. References: nvd.nist.gov/vuln/detail/CVE-2022-2414 access.redhat.co