Lucene search

K

[email protected]NVD:CVE-2022-2393

HistoryJul 14, 2022 - 3:15 p.m.

CVE-2022-2393

2022-07-1415:15:08

CWE-285

[email protected]

web.nvd.nist.gov

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.8%

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

Affected configurations

NVD

Node

pki-core_projectpki-coreRange≤10.12.4

Node

redhatcertificate_systemMatch9.0

OR

redhatcertificate_systemMatch10.0

OR

redhatenterprise_linuxMatch6.0

OR

redhatenterprise_linuxMatch7.0

OR

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

References

bugzilla.redhat.com/show_bug.cgi?id=2101046

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.8%

Related for NVD:CVE-2022-2393

redhat4 nessus10 ubuntucve1 prion1 cvelist1 cve1 debiancve1 oraclelinux2 redhatcve1 amazon1 veracode1 osv1 almalinux1