Permission Flaw in Dogtag Certificate Management by Red Hat
CVE-2017-2590

8.1HIGH

Key Information:

Vendor

Red Hat
Status
Ipa
Vendor
CVE Published:
27 July 2018

What is CVE-2017-2590?

A permissions flaw exists in the Dogtag component of Red Hat's Identity Management (IdM). This vulnerability affects the 'ca-del', 'ca-disable', and 'ca-enable' commands, which do not enforce proper checks on user permissions. An authenticated yet unauthorized user could exploit this vulnerability to modify Certificate Authorities (CAs), leading to potential denial of service issues. This could disrupt certificate issuance, affect OCSP signing, or even lead to the deletion of secret keys, posing significant risks to system integrity and availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ipa 4.4

References

http://www.securityfocus.com/bid/96557
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0388.html
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.