Red Hat: CVE-2023-4727: dogtag ca: token authentication bypass vulnerability (Multiple Advisories)

Red Hat: CVE-2023-4727: dogtag ca: token authentication bypass vulnerability (Multiple Advisories)

Severity

7

CVSS

(AV:A/AC:H/Au:N/C:C/I:C/A:C)

Published

06/11/2024

Created

06/26/2024

Added

06/26/2024

Modified

09/13/2024

Description

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

Solution(s)

• redhat-upgrade-idm-jss
• redhat-upgrade-idm-jss-debuginfo
• redhat-upgrade-idm-jss-javadoc
• redhat-upgrade-idm-ldapjdk
• redhat-upgrade-idm-ldapjdk-javadoc
• redhat-upgrade-idm-pki-acme
• redhat-upgrade-idm-pki-base
• redhat-upgrade-idm-pki-base-java
• redhat-upgrade-idm-pki-ca
• redhat-upgrade-idm-pki-est
• redhat-upgrade-idm-pki-java
• redhat-upgrade-idm-pki-kra
• redhat-upgrade-idm-pki-server
• redhat-upgrade-idm-pki-symkey
• redhat-upgrade-idm-pki-symkey-debuginfo
• redhat-upgrade-idm-pki-tools
• redhat-upgrade-idm-pki-tools-debuginfo
• redhat-upgrade-idm-tomcatjss
• redhat-upgrade-jss
• redhat-upgrade-jss-debuginfo
• redhat-upgrade-jss-debugsource
• redhat-upgrade-jss-javadoc
• redhat-upgrade-ldapjdk
• redhat-upgrade-ldapjdk-javadoc
• redhat-upgrade-pki-base
• redhat-upgrade-pki-base-java
• redhat-upgrade-pki-ca
• redhat-upgrade-pki-core-debuginfo
• redhat-upgrade-pki-core-debugsource
• redhat-upgrade-pki-javadoc
• redhat-upgrade-pki-kra
• redhat-upgrade-pki-server
• redhat-upgrade-pki-symkey
• redhat-upgrade-pki-tools
• redhat-upgrade-python3-idm-pki
• redhat-upgrade-resteasy
• redhat-upgrade-resteasy-javadoc
• redhat-upgrade-tomcatjss

References

• CVE-2023-4727
• RHSA-2024:4051
• RHSA-2024:4165
• RHSA-2024:4179
• RHSA-2024:4222
• RHSA-2024:4367