CVE-2022-2393

Published: Jul 14, 2022Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

Affected (7)

Products: Pki Core Project: Pki Core · Redhat: Certificate System, Enterprise Linux

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pki Core Project Pki Core	Up to 10.12.4

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Certificate System	Version 10.0
Redhat Certificate System	Version 9.0
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=2101046

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2101046

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.