CVE-2023-4727
7.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 11.5.1 | affected | ||
| Red Hat | Red Hat Certificate System 10.4 EUS for RHEL-8 | 8060020240529205458.07fb4edf < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 | 0:10.5.18-32.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8100020240614102443.82f485b7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020240329193548.17df0a3f < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 8040020240329193548.17df0a3f < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 8040020240329193548.17df0a3f < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 8060020240329182634.60523a7b < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 8060020240329182634.60523a7b < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 8060020240329182634.60523a7b < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020240329143735.693a3987 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:11.5.0-2.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:11.0.6-3.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:11.3.0-2.el9_2 < * | unaffected |
Weaknesses
- CWE-305: Authentication Bypass by Primary Weakness
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:4051
- https://access.redhat.com/errata/RHSA-2024:4070
- https://access.redhat.com/errata/RHSA-2024:4164
- https://access.redhat.com/errata/RHSA-2024:4165
- https://access.redhat.com/errata/RHSA-2024:4179
- https://access.redhat.com/errata/RHSA-2024:4222
- https://access.redhat.com/errata/RHSA-2024:4367
- https://access.redhat.com/errata/RHSA-2024:4403
- https://access.redhat.com/errata/RHSA-2024:4413
- https://access.redhat.com/security/cve/CVE-2023-4727
- https://bugzilla.redhat.com/show_bug.cgi?id=2232218
References
- https://access.redhat.com/errata/RHSA-2024:4051
- https://access.redhat.com/errata/RHSA-2024:4070
- https://access.redhat.com/errata/RHSA-2024:4164
- https://access.redhat.com/errata/RHSA-2024:4165
- https://access.redhat.com/errata/RHSA-2024:4179
- https://access.redhat.com/errata/RHSA-2024:4222
- https://access.redhat.com/errata/RHSA-2024:4367
- https://access.redhat.com/errata/RHSA-2024:4403
- https://access.redhat.com/errata/RHSA-2024:4413
- https://access.redhat.com/security/cve/CVE-2023-4727
- https://bugzilla.redhat.com/show_bug.cgi?id=2232218
- https://github.com/advisories/GHSA-rvm7-rc5g-c98q
- https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720
- https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.