A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. A remote attacker could potentially use this flaw to retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Upstream PR: https://github.com/dogtagpki/pki/pull/4021
Upstream commit: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
Created dogtag-pki tracking bugs for this issue:

Affects: fedora-all [bug 2107351]
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7326 https://access.redhat.com/errata/RHSA-2022:7326

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7470 https://access.redhat.com/errata/RHSA-2022:7470

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:8799 https://access.redhat.com/errata/RHSA-2022:8799

This issue has been addressed in the following products:

  Red Hat Certificate System 9.7

Via RHSA-2022:8915 https://access.redhat.com/errata/RHSA-2022:8915

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1747 https://access.redhat.com/errata/RHSA-2023:1747

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1966 https://access.redhat.com/errata/RHSA-2023:1966

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3394 https://access.redhat.com/errata/RHSA-2023:3394
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2414