LDAP Injection Vulnerability in dogtag-pki and pki-core Could Lead to Privilege Escalation
CVE-2023-4727
7.5 HIGH
Key Information
- Vendor: Red Hat
- Status:
  - Red Hat Certificate System 10.4 EUS for RHEL-8
  - Red Hat Enterprise Linux 7
  - Red Hat Enterprise Linux 8
  - Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
- CVE Published: 11 June 2024
Summary
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
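The wildcard effect described in the summary, as an added example that is not code from dogtag-pki or Red Hat: a session lookup filter built by string concatenation beside one that escapes the value per RFC 4515. The attribute names, sample entries and the small `search` evaluator are constructed for illustration; the advisory does not publish the real schema or code.

```python
import re

# Constructed sample entries; the attribute names are assumptions, since the
# advisory does not describe the real directory schema.
SESSIONS = [
    {"sessionID": "a1f3c9", "uid": "caadmin"},
    {"sessionID": "77be02", "uid": "agent1"},
]

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters replaced by \\xx escapes."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unsafe_filter(session_id):
    # Vulnerable pattern: request input is concatenated into the filter.
    return "(sessionID=" + session_id + ")"


def safe_filter(session_id):
    # Hardened pattern: the value can only ever be compared literally.
    return "(sessionID=" + escape_filter_value(session_id) + ")"


def search(filter_text):
    """Evaluate one (attr=value) filter against SESSIONS (hypothetical helper).

    Handles only presence (attr=*) and equality, which is enough to show the
    difference; a real directory server implements the full filter grammar.
    """
    match = re.fullmatch(r"\((\w+)=(.*)\)", filter_text, re.S)
    if match is None:
        raise ValueError("unsupported filter")
    attr, raw = match.groups()
    if raw == "*":  # presence filter: matches every entry that has attr
        return [entry for entry in SESSIONS if attr in entry]
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [entry for entry in SESSIONS if entry.get(attr) == literal]


if __name__ == "__main__":
    print(len(search(unsafe_filter("*"))))  # every stored session matches
    print(len(search(safe_filter("*"))))    # no session is literally "*"
```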
Affected Version(s)
Red Hat Certificate System 10.4 EUS for RHEL-8 <= 8060020240529205458.07fb4edf
Red Hat Enterprise Linux 7 <= 0:10.5.18-32.el7_9
Red Hat Enterprise Linux 8 <= 8100020240614102443.82f485b7
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Risk change from: null to: 7.5 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.
Collectors
NVD Database, Mitre Database
Credit
Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.