Bug 2232218 (CVE-2023-4727)
| Summary: | CVE-2023-4727 ca: token authentication bypass vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Zack Miele <zmiele> |
| Component: | vulnerability | Assignee: | Endi Sukma Dewata <edewata> |
| Status: | ASSIGNED --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aakkiang, cfu, ckelley, dsirrine, edewata, fdelehay, gkimetto, jmagne, jwest, mfargett, mharmsen, mulliken, prisingh, psampaio, rhcs-maint, security-response-team, skhandel, taherrin, teagle, trathi |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2295804, 2232221, 2232222, 2232223, 2232281, 2268351 | ||
| Bug Blocks: | 2232220 | ||
|
Description
Zack Miele
2023-08-15 19:32:41 UTC
This is ready to unembargo from our side. Endi, please confirm if your team is able to view the tracker bugs and prepare Erratas? Thank you. Fixed upstream: * master branch: https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388 * v11.5 branch: https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4051 https://access.redhat.com/errata/RHSA-2024:4051 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:4164 https://access.redhat.com/errata/RHSA-2024:4164 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:4165 https://access.redhat.com/errata/RHSA-2024:4165 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:4179 https://access.redhat.com/errata/RHSA-2024:4179 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:4222 https://access.redhat.com/errata/RHSA-2024:4222 Created dogtag-pki tracking bugs for this issue: Affects: fedora-all [bug 2295804] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4367 https://access.redhat.com/errata/RHSA-2024:4367 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4403 https://access.redhat.com/errata/RHSA-2024:4403 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4413 https://access.redhat.com/errata/RHSA-2024:4413 |