LDAP Injection Vulnerability in dogtag-pki and pki-core Could Lead to Privilege Escalation

CVE-2023-4727
7.5 HIGH

Key Information

Vendor: Red Hat
Status:
Red Hat Certificate System 10.4 EUS for RHEL-8
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
CVE Published: 11 June 2024

Summary

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
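The filter behaviour described in the summary, as an added example that is not dogtag-pki code: a session lookup that concatenates the parameter into the filter next to one that escapes it per RFC 4515. The entry layout, the `uid` attribute, the sample session values and the small in-memory filter evaluator are assumptions constructed for illustration.

```python
import re

# Constructed sample data standing in for session entries in a directory.
# "sessionID" mirrors the query parameter named in the summary; "uid" and the
# values are assumptions.
SESSIONS = [
    {"sessionID": "7f3a9c1e", "uid": "caadmin"},
    {"sessionID": "b2d4e6f8", "uid": "agent1"},
]

# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one untrusted value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(session_id: str) -> str:
    # Weak form: the parameter is pasted into the filter unchanged.
    return "(sessionID=" + session_id + ")"


def build_filter_safe(session_id: str) -> str:
    # Hardened form: special characters lose their filter meaning.
    return "(sessionID=" + escape_filter_value(session_id) + ")"


def search(filter_str: str) -> list:
    """Evaluate a single (attr=value) filter against SESSIONS.

    Illustrative evaluator only: an unescaped '*' is a wildcard and \\XX is
    decoded to a literal character, as a directory server would treat them.
    """
    m = re.fullmatch(r"\((\w+)=([^()]*)\)", filter_str)
    if not m:
        raise ValueError("unsupported or malformed filter")
    attr, raw = m.groups()

    def decode(s):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), s)

    pattern = ".*".join(re.escape(decode(part)) for part in raw.split("*"))
    return [e for e in SESSIONS if attr in e and re.fullmatch(pattern, e[attr])]
```

With the unsafe builder the value `*` turns the equality match into a presence match that returns every stored session; with the escaped builder the same value matches only a session whose identifier is literally `*`.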

Affected Version(s)

Red Hat Certificate System 10.4 EUS for RHEL-8 <= 8060020240529205458.07fb4edf

Red Hat Enterprise Linux 7 <= 0:10.5.18-32.el7_9

Red Hat Enterprise Linux 8 <= 8100020240614102443.82f485b7

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Risk change from: null to: 7.5 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

  • Reported to Red Hat.

Collectors

NVD Database, Mitre Database

Credit

Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.