CVE-2021-20179

high
Description

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1914379

https://github.com/dogtagpki/pki/pull/3474

https://github.com/dogtagpki/pki/pull/3475

https://github.com/dogtagpki/pki/pull/3476

https://github.com/dogtagpki/pki/pull/3477

https://github.com/dogtagpki/pki/pull/3478

https://lists.fedoraproject.org/archives/list/[email protected]/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/

https://lists.fedoraproject.org/archives/list/[email protected]/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/

https://lists.fedoraproject.org/archives/list/[email protected]/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/

Details

Source: MITRE

Published: 2021-03-15

Updated: 2021-03-24

Type: CWE-863

Risk Information

CVSS v2

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 154479 | NewStart CGSL CORE 5.04 / MAIN 5.04 : pki-core Multiple Vulnerabilities (NS-SA-2021-0102) | Nessus | NewStart CGSL Local Security Checks | high |
| 149623 | EulerOS 2.0 SP8 : pki-core (EulerOS-SA-2021-1885) | Nessus | Huawei Local Security Checks | high |
| 149620 | EulerOS 2.0 SP5 : pki-core (EulerOS-SA-2021-1910) | Nessus | Huawei Local Security Checks | high |
| 149159 | EulerOS 2.0 SP3 : pki-core (EulerOS-SA-2021-1831) | Nessus | Huawei Local Security Checks | high |
| 148922 | Amazon Linux 2 : pki-core (ALAS-2021-1630) | Nessus | Amazon Linux Local Security Checks | high |
| 148857 | RHEL 8 : pki-core:10.6 (RHSA-2021:1263) | Nessus | Red Hat Local Security Checks | high |
| 148035 | Oracle Linux 8 : pki-core:10.6 (ELSA-2021-0966) | Nessus | Oracle Linux Local Security Checks | high |
| 148033 | CentOS 8 : pki-core:10.6 (CESA-2021:0966) | Nessus | CentOS Local Security Checks | high |
| 148020 | RHEL 8 : pki-core:10.6 (RHSA-2021:0966) | Nessus | Red Hat Local Security Checks | high |
| 148017 | RHEL 7 : pki-core (RHSA-2021:0975) | Nessus | Red Hat Local Security Checks | high |
| 147935 | Fedora 33 : pki-core (2021-6c412a4601) | Nessus | Fedora Local Security Checks | high |
| 147933 | Fedora 32 : pki-core (2021-344dd24c84) | Nessus | Fedora Local Security Checks | high |
| 147883 | CentOS 7 : pki-core (CESA-2021:0851) | Nessus | CentOS Local Security Checks | high |
| 147863 | Oracle Linux 7 : pki-core (ELSA-2021-0851) | Nessus | Oracle Linux Local Security Checks | high |
| 147841 | RHEL 7 : pki-core (RHSA-2021:0851) | Nessus | Red Hat Local Security Checks | high |
| 147808 | RHEL 7 : pki-core (RHSA-2021:0819) | Nessus | Red Hat Local Security Checks | high |