A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1959971 | Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
28 Feb 2022, 15:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1959971 - Issue Tracking, Patch, Third Party Advisory | |
CWE | CWE-312 | |
First Time |
Redhat enterprise Linux For Power Little Endian
Oracle Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Dogtagpki dogtagpki Redhat enterprise Linux Server Aus Fedoraproject fedora Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Server Update Services For Sap Solutions Dogtagpki Redhat enterprise Linux Redhat Redhat enterprise Linux For Ibm Z Systems Eus Oracle linux Fedoraproject |
|
CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 7.8 |
16 Feb 2022, 18:00
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-16 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-3551
Mitre link : CVE-2021-3551
CVE.ORG link : CVE-2021-3551
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_linux_eus
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_server_tus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_server_aus
dogtagpki
- dogtagpki
fedoraproject
- fedora
oracle
- linux
CWE
CWE-312
Cleartext Storage of Sensitive Information