CVE-2023-4727

EUVD-2023-54575
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
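The bypass described above comes down to an unescaped request parameter reaching an LDAP search filter. The following added example (not dogtag-pki code and not the upstream fix) contrasts a concatenated filter with one escaped per RFC 4515; the `sessionID` attribute name, the filter shape and the sample entries are assumptions constructed for illustration.

```python
import re

# Constructed sample data: stored sessions; the attribute name is hypothetical.
SESSIONS = [
    {"cn": "session-a", "sessionID": "7f3c9a1e"},
    {"cn": "session-b", "sessionID": "c41d22b0"},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value is matched literally."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def build_filter_unsafe(session_id):
    # Weak form: the request parameter is concatenated into the filter as-is.
    return "(sessionID=" + session_id + ")"

def build_filter_safe(session_id):
    # Hardened form: the parameter can only ever be an assertion value.
    return "(sessionID=" + escape_filter_value(session_id) + ")"

def search(entries, ldap_filter):
    """Tiny evaluator for one (attr=value) filter, enough to show the effect.

    An unescaped '*' is a wildcard; a backslash plus two hex digits is a literal.
    """
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if m is None:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, pattern = m.groups()
    regex = ""
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|\*|.", pattern, re.S):
        if tok == "*":
            regex += ".*"
        elif len(tok) == 3:
            regex += re.escape(chr(int(tok[1:], 16)))
        else:
            regex += re.escape(tok)
    return [e for e in entries
            if attr in e and re.fullmatch(regex, e[attr], re.S)]

if __name__ == "__main__":
    print(build_filter_unsafe("*"), len(search(SESSIONS, build_filter_unsafe("*"))))
    print(build_filter_safe("*"), len(search(SESSIONS, build_filter_safe("*"))))
```

With the escaped form, `*` is sent as `\2a` and matches only a stored value that is literally an asterisk, so a lookup succeeds only for an exact session identifier.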
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | ADJACENT_NETWORK | HIGH | NONE | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 14%
Debian Releases

| Debian Product | Codename | Status |
|---|---|---|
| dogtag-pki | bullseye | no-dsa |
| dogtag-pki | sid | vulnerable |
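Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| dogtag-pki | bionic | needs-triage |
| dogtag-pki | focal | needs-triage |
| dogtag-pki | jammy | needs-triage |
| dogtag-pki | mantic | ignored |
| dogtag-pki | noble | dne |
| dogtag-pki | oracular | dne |
| dogtag-pki | xenial | needs-triage |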
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Package version | Status |
|---|---|---|---|
| idm-pki-acme | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-base | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-ca | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-est | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-java | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-kra | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-server | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| idm-pki-tools | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |
| pki-base | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-base-java | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-ca | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-javadoc | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-kra | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-server | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-symkey | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| pki-tools | RHEL 7 | 0:10.5.18-32.el7_9 | fixed |
| python3-idm-pki | RHEL 9 | 0:11.5.0-2.el9_4 | fixed |