Vulnerability CVE-2021-3551: Information
Description
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
pki-core | p10 | 10.10.6-alt1 | 10.14.1-alt1 | ALT-PU-2021-2038-1 | 274757 | Fixed |
pki-core | p9 | 10.10.6-alt1.c9f2.1 | 10.10.6-alt1.c9f2.1 | ALT-PU-2022-1784-1 | 288073 | Fixed |
pki-core | c10f1 | 10.10.6-alt1 | 10.14.1-alt1 | ALT-PU-2021-2038-1 | 274757 | Fixed |
pki-core | c9f2 | 10.10.6-alt1.c9f2.1 | 10.10.6-alt1.c9f2.1 | ALT-PU-2021-2860-1 | 282600 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1959971 |
|