MidnightBSD

Advisories for pki-core_project

CVE-2015-0234 MEDIUM

Multiple temporary file creation vulnerabilities in pki-core 10.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
pki-core_project pki-core 10.2.0
CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat certificate_system 10.0
redhat enterprise_linux 9.0
redhat certificate_system 9.0
redhat enterprise_linux 6.0
pki-core_project pki-core *