Lucene search

GoogleOSV:ALSA-2024:4165

HistoryJun 27, 2024 - 12:00 a.m.

Important: pki-core security update

2024-06-2700:00:00

Google

osv.dev

pki-core

security update

almalinux certificate system

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.

Security Fix(es):

dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

access.redhat.com/errata/RHSA-2024:4165

access.redhat.com/security/cve/CVE-2023-4727

bugzilla.redhat.com/2232218

errata.almalinux.org/9/ALSA-2024-4165.html

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for OSV:ALSA-2024:4165