CVE-2022-2414

Published: Jul 29, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Affected (7)

Products: Dogtagpki: Dogtagpki

Dogtagpki

1 product

Dogtagpki

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Dogtagpki Dogtagpki	Version 10.11.2
Dogtagpki Dogtagpki	Version 10.12.4
Dogtagpki Dogtagpki	Version 10.5.18
Dogtagpki Dogtagpki	Version 10.7.4
Dogtagpki Dogtagpki	Version 10.8.3
Dogtagpki Dogtagpki	Version 11.0.5
Dogtagpki Dogtagpki	Version 11.1.0

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://github.com/dogtagpki/pki/pull/4021

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/dogtagpki/pki/pull/4021

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.