Ldap Injection Vulnerability in dogtag-pki and pki-core Could Lead to Privilege Escalation
CVE-2023-4727

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Certificate System 10.4 Eus For Rhel-8; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor: CVE Published:; 11 June 2024

Summary

A vulnerability exists within Red Hat's Dogtag PKI and pki-core products, where an attacker can exploit a flaw in the token authentication mechanism through an LDAP injection. By manipulating the query string parameter 'sessionID=*', the attacker may authenticate using an existing session stored in the LDAP directory server. This could potentially allow unauthorized access and lead to an escalation of privileges, compromising the integrity of the system and sensitive information.

Affected Version(s)

Red Hat Certificate System 10.4 EUS for RHEL-8 8060020240529205458.07fb4edf

Red Hat Enterprise Linux 7 0:10.5.18-32.el7_9

Red Hat Enterprise Linux 8 8100020240614102443.82f485b7

References

https://access.redhat.com/errata/RHSA-2024:4051

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:4070

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:4164

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Sep 1, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.