When using the caServerKeygen_DirUserCert profile with UserDirEnrollment auth type, users are able to get a certificate for any UID they please simply by entering their name in the Subject information fields. This occurs only when Directory-based authentication is enabled, which is disabled by default.
This issue has been addressed in the following products: Red Hat Certificate System 9.7 Via RHSA-2022:7077 https://access.redhat.com/errata/RHSA-2022:7077
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7086 https://access.redhat.com/errata/RHSA-2022:7086
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2393
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2293 https://access.redhat.com/errata/RHSA-2023:2293
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:3394 https://access.redhat.com/errata/RHSA-2023:3394