Bug 1914379 (CVE-2021-20179)
Summary: | CVE-2021-20179 pki-core: Unprivileged users can renew any certificate | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Cedric Buissart <cbuissar> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | abokovoy, alee, alexander.m.scheel, cfu, dsirrine, edewata, jmagne, kwright, mharmsen, mkdineshprasanth, rhcs-maint, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. |
Last Closed: | 2021-03-15 17:25:51 UTC |
Bug Depends On: | 1914387, 1914394, 1914395, 1914396, 1916327, 1916376, 1916377, 1934282, 1934283, 1938207 | ||
Bug Blocks: | 1914363, 1938322 |
Description
Cedric Buissart
2021-01-08 17:08:03 UTC
Acknowledgments:

Name: Fraser Tweedale, Geetika Kapoor

Created pki-core tracking bugs for this issue:

Affects: fedora-all [bug 1938207]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0819 https://access.redhat.com/errata/RHSA-2021:0819

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20179

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2021:0851 https://access.redhat.com/errata/RHSA-2021:0851

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2021:0966 https://access.redhat.com/errata/RHSA-2021:0966

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:0975 https://access.redhat.com/errata/RHSA-2021:0975

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1263 https://access.redhat.com/errata/RHSA-2021:1263