pki-core_project pki-core 认证机制不恰当

admin

0
文章

0
评论

2023-11-30 06:51:17 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 pki-core_project pki-core 认证机制不恰当

CVE编号

CVE-2022-2393

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-07-14

漏洞描述

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugzilla.redhat.com/show_bug.cgi?id=2101046

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	pki-core_project	pki-core	*		Up to (including) 10.12.4
	运行在以下环境
	应用	redhat	certificate_system	10.0	-
	运行在以下环境
	应用	redhat	certificate_system	9.0	-
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	pki-core	*		Up to (excluding) 10.5.18-23.1.al7
	运行在以下环境
	系统	amazon_2	pki-core	*		Up to (excluding) 10.5.18-27.amzn2.0.1
	运行在以下环境
	系统	anolis_os_7	pki-core	*		Up to (excluding) 10.5.18-23
	运行在以下环境
	系统	centos_7	pki-core	*		Up to (excluding) 10.5.18-23.el7_9
	运行在以下环境
	系统	debian_11	dogtag-pki	*		Up to (including) 10.10.2-3
	运行在以下环境
	系统	debian_12	dogtag-pki	*		Up to (including) 11.2.1-2
	运行在以下环境
	系统	debian_sid	dogtag-pki	*		Up to (including) 11.2.1-2
	运行在以下环境
	系统	fedora_34	perl-Image-ExifTool	*		Up to (excluding) 12.38-1.fc34
	运行在以下环境
	系统	fedora_35	perl-Image-ExifTool	*		Up to (excluding) 12.38-1.fc35
	运行在以下环境
	系统	fedora_EPEL_7	perl-Image-ExifTool	*		Up to (excluding) 12.38-1.el7
	运行在以下环境
	系统	fedora_EPEL_8	perl-Image-ExifTool	*		Up to (excluding) 12.38-1.el8
	运行在以下环境
	系统	kylinos_aarch64_V10	pki-base	*		Up to (excluding) 10.5.18-23.el7_9
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 10.5.18-23.el7_9
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 11.3.0-1.0.1.el9
	运行在以下环境
	系统	redhat_7	pki-base	*		Up to (excluding) 10.5.18-23.el7_9
	运行在以下环境
	系统	redhat_9	idm-jss	*		Up to (excluding) 5.3.0-1.el9