A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
2022-02-16T17:15:11.103
2024-11-21T06:21:49.303
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:M/Au:N/C:P/I:P/A:P
3.4
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dogtagpki | dogtagpki | < 10.10.6 | Yes |
| Operating System | fedoraproject | fedora | 33 | Yes |
| Operating System | fedoraproject | fedora | 34 | Yes |
| Operating System | oracle | linux | 8 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems_eus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian_eus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 8.4 | Yes |
| Operating System | redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.4 | Yes |