Bug 2232218 (CVE-2023-4727) - CVE-2023-4727 ca: token authentication bypass vulnerability
Summary: CVE-2023-4727 ca: token authentication bypass vulnerability
Keywords:
Status: ASSIGNED
Alias: CVE-2023-4727
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Endi Sukma Dewata
QA Contact:
URL:
Whiteboard:
Depends On: 2295804 2232221 2232222 2232223 2232281 2268351
Blocks: 2232220
TreeView+ depends on / blocked
 
Reported: 2023-08-15 19:32 UTC by Zack Miele
Modified: 2024-10-10 13:42 UTC (History)
20 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCS-4416 0 None None None 2023-09-07 22:04:29 UTC
Red Hat Product Errata RHSA-2024:4051 0 None None None 2024-06-23 22:46:43 UTC
Red Hat Product Errata RHSA-2024:4164 0 None None None 2024-06-27 14:09:52 UTC
Red Hat Product Errata RHSA-2024:4165 0 None None None 2024-06-27 14:29:19 UTC
Red Hat Product Errata RHSA-2024:4179 0 None None None 2024-07-01 01:12:50 UTC
Red Hat Product Errata RHSA-2024:4222 0 None None None 2024-07-02 15:07:12 UTC
Red Hat Product Errata RHSA-2024:4367 0 None None None 2024-07-08 11:18:02 UTC
Red Hat Product Errata RHSA-2024:4403 0 None None None 2024-07-09 08:48:33 UTC
Red Hat Product Errata RHSA-2024:4413 0 None None None 2024-07-09 09:20:45 UTC

Description Zack Miele 2023-08-15 19:32:41 UTC 
The token authentication scheme in Dogtag CA can be bypassed with a Ldap injection.
By passing the query string parameter sessionID=*, an attacker can authenticate with
the existing session saved in Ldap directory server.
Comment 33 Pedro Sampaio 2024-01-05 17:04:57 UTC 
This is ready to unembargo from our side.

Endi, please confirm if your team is able to view the tracker bugs and prepare Erratas?

Thank you.
Comment 51 Endi Sukma Dewata 2024-06-17 23:55:23 UTC 
Fixed upstream:
* master branch: https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388
* v11.5 branch: https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720
Comment 53 errata-xmlrpc 2024-06-23 22:46:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4051 https://access.redhat.com/errata/RHSA-2024:4051
Comment 54 errata-xmlrpc 2024-06-27 14:09:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4164 https://access.redhat.com/errata/RHSA-2024:4164
Comment 55 errata-xmlrpc 2024-06-27 14:29:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4165 https://access.redhat.com/errata/RHSA-2024:4165
Comment 56 errata-xmlrpc 2024-07-01 01:12:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4179 https://access.redhat.com/errata/RHSA-2024:4179
Comment 58 errata-xmlrpc 2024-07-02 15:07:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:4222 https://access.redhat.com/errata/RHSA-2024:4222
Comment 60 Pedro Sampaio 2024-07-04 14:27:58 UTC 
Created dogtag-pki tracking bugs for this issue:

Affects: fedora-all [bug 2295804]
Comment 61 errata-xmlrpc 2024-07-08 11:18:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4367 https://access.redhat.com/errata/RHSA-2024:4367
Comment 62 errata-xmlrpc 2024-07-09 08:48:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4403 https://access.redhat.com/errata/RHSA-2024:4403
Comment 63 errata-xmlrpc 2024-07-09 09:20:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:4413 https://access.redhat.com/errata/RHSA-2024:4413
Note You need to log in before you can comment on or make changes to this bug.