Уязвимость CVE-2021-3551: Информация

Описание

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

Важность: HIGH (7,8) Вектор: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*

      Start including

      10.10.0

      End excliding

      10.10.6

      ---

      Конфигурация 2

      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

      ---

      Конфигурация 3

      cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*

      ---

      Конфигурация 4

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

      ---