Bug 1914379 (CVE-2021-20179) - CVE-2021-20179 pki-core: Unprivileged users can renew any certificate
Summary: CVE-2021-20179 pki-core: Unprivileged users can renew any certificate
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-20179
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Severity: high
Priority: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1914396 1934283 1914387 1914394 1914395 1916327 1916376 1916377 1934282 1938207
Blocks: 1914363 1938322
Reported: 2021-01-08 17:08 UTC by Cedric Buissart
Modified: 2021-04-20 09:49 UTC (History)
CC: 12 users

Fixed In Version: pki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2021-03-15 17:25:51 UTC

Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2021:0819  0        None      None    None     2021-03-15 13:26:12 UTC
Red Hat Product Errata  RHSA-2021:0851  0        None      None    None     2021-03-16 13:48:22 UTC
Red Hat Product Errata  RHSA-2021:0966  0        None      None    None     2021-03-23 10:55:04 UTC
Red Hat Product Errata  RHSA-2021:0975  0        None      None    None     2021-03-23 16:46:59 UTC

Description Cedric Buissart 2021-01-08 17:08:03 UTC
It was found that an unprivileged user can renew a certificate.

An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked.

References:

https://github.com/dogtagpki/pki/pull/3478 
https://github.com/dogtagpki/pki/pull/3477 
https://github.com/dogtagpki/pki/pull/3476 
https://github.com/dogtagpki/pki/pull/3475 
https://github.com/dogtagpki/pki/pull/3474
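
The flaw class described in the report, modelled as an added example that is not pki-core's own code: a renewal handler that checks only authentication (so any authenticated user can renew any serial, and nothing but an explicit revocation stops the chain) beside one that binds the renewal to the certificate, requiring the caller to be its subject or to hold an agent role. The in-memory CA, the "agent" role name, the subject-match ownership rule, the renewed_from link and the sample subjects are assumptions made for this illustration; the actual fix is in the dogtagpki/pki pull requests listed above, not this code.

```python
"""Model of the renewal-authorization flaw class in CVE-2021-20179.

Added illustration, not Dogtag/pki-core code. The in-memory CA, the
'agent' role, the subject-match ownership rule and the renewed_from link
are assumptions made for this example.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional


@dataclass
class CertRecord:
    serial: int
    subject: str
    public_key: str            # key fingerprint, stands in for the SPKI
    not_after: date
    revoked: bool = False
    renewed_from: Optional[int] = None   # assumed link to the renewed cert


@dataclass
class Requester:
    principal: str             # subject DN the caller authenticated as
    roles: set = field(default_factory=set)


class AuthzError(Exception):
    pass


class CertDB:
    """Tiny stand-in for the CA's certificate repository (constructed)."""

    def __init__(self):
        self.certs = {}
        self.next_serial = 1

    def issue(self, subject, public_key, days=365, renewed_from=None):
        rec = CertRecord(self.next_serial, subject, public_key,
                         date.today() + timedelta(days=days),
                         renewed_from=renewed_from)
        self.certs[rec.serial] = rec
        self.next_serial += 1
        return rec


def _lookup(db, serial):
    old = db.certs.get(serial)
    if old is None:
        raise KeyError(serial)
    if old.revoked:
        # Revocation is the only backstop the report mentions.
        raise AuthzError(f"serial {serial} is revoked")
    return old


def renew_vulnerable(db, requester, serial):
    """Flaw class: authentication is checked, authorization is not.
    Any authenticated caller may renew any serial that is not revoked."""
    if requester is None:
        raise AuthzError("authentication required")
    old = _lookup(db, serial)
    return db.issue(old.subject, old.public_key, renewed_from=old.serial)


def renew_hardened(db, requester, serial):
    """Renewal bound to the certificate: the caller must be its subject
    (assumed ownership rule) or hold the assumed 'agent' role."""
    if requester is None:
        raise AuthzError("authentication required")
    old = _lookup(db, serial)
    is_owner = requester.principal == old.subject
    is_agent = "agent" in requester.roles
    if not (is_owner or is_agent):
        raise AuthzError(f"{requester.principal} may not renew serial {serial}")
    return db.issue(old.subject, old.public_key, renewed_from=old.serial)


def renewal_chain(db, serial):
    """Serials from the given cert back to the original issuance."""
    chain = []
    cur = db.certs.get(serial)
    while cur is not None:
        chain.append(cur.serial)
        cur = db.certs.get(cur.renewed_from) if cur.renewed_from is not None else None
    return chain


def demo():
    db = CertDB()
    victim = db.issue("CN=victim", "key:aa11")       # constructed sample cert
    attacker = Requester("CN=attacker")               # authenticated, no roles
    # Vulnerable handler: the attacker keeps the compromised key alive indefinitely.
    cur = victim
    for _ in range(3):
        cur = renew_vulnerable(db, attacker, cur.serial)
    chain_len = len(renewal_chain(db, cur.serial))
    # Hardened handler: same attacker is refused ...
    try:
        renew_hardened(db, attacker, victim.serial)
        refused = False
    except AuthzError:
        refused = True
    # ... while the owner and an agent still succeed ...
    owner_ok = renew_hardened(db, Requester("CN=victim"), victim.serial).subject == "CN=victim"
    agent_ok = renew_hardened(db, Requester("CN=ra", {"agent"}), victim.serial).renewed_from == victim.serial
    # ... and an explicit revocation stops even the owner.
    victim.revoked = True
    try:
        renew_hardened(db, Requester("CN=victim"), victim.serial)
        revoked_refused = False
    except AuthzError:
        revoked_refused = True
    return chain_len, refused, owner_ok, agent_ok, revoked_refused


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one in the report: authentication alone does not authorize a renewal, and a renewal chain started from a compromised key ends only when the certificate is explicitly revoked. On an unpatched CA, revoking the compromised certificate is therefore the mitigation; on a patched one it remains the right response to a key compromise.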

Comment 6 Cedric Buissart 2021-01-11 17:54:52 UTC
Acknowledgments:

Name: Fraser Tweedale, Geetika Kapoor

Comment 14 Cedric Buissart 2021-03-12 13:23:27 UTC
Created pki-core tracking bugs for this issue:

Affects: fedora-all [bug 1938207]

Comment 16 errata-xmlrpc 2021-03-15 13:26:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:0819 https://access.redhat.com/errata/RHSA-2021:0819

Comment 17 Product Security DevOps Team 2021-03-15 17:25:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20179

Comment 18 errata-xmlrpc 2021-03-16 13:48:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0851 https://access.redhat.com/errata/RHSA-2021:0851

Comment 19 errata-xmlrpc 2021-03-23 10:54:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0966 https://access.redhat.com/errata/RHSA-2021:0966

Comment 20 errata-xmlrpc 2021-03-23 16:46:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:0975 https://access.redhat.com/errata/RHSA-2021:0975

Comment 21 errata-xmlrpc 2021-04-20 09:49:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1263 https://access.redhat.com/errata/RHSA-2021:1263
