A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2101046 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
30 Jun 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-285 |
02 Feb 2023, 21:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jul 2022, 01:33
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat certificate System
Redhat Pki-core Project pki-core Pki-core Project Redhat enterprise Linux |
|
CWE | CWE-287 | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2101046 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:pki-core_project:pki-core:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:certificate_system:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
14 Jul 2022, 15:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-14 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2393
Mitre link : CVE-2022-2393
CVE.ORG link : CVE-2022-2393
JSON object : View
Products Affected
redhat
- certificate_system
- enterprise_linux
pki-core_project
- pki-core
CWE