RedHat RHSA-2023:2293
May 09, 2023 - 5:06 a.m.

(RHSA-2023:2293) Moderate: pki-core security, bug fix, and enhancement update

2023-05-09 05:06:45
CWE-287
access.redhat.com
8
pki core
security fix
user certificates
red hat enterprise linux 9.2
cve-2022-2393

CVSS3: 7.6

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

EPSS: 0
Percentile: 12.6%

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

  • pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected configurations

Node
redhat pki-core-0 Range 10.5.18-23.el7pki
OR
redhat pki-core Range 10.5.18-23.el7_9
OR
redhat pki-core Range 10.6-8060020230411223433.60523a7b
OR
redhat pki-core Range 11.3.0-1.el9
AND
redhat enterprise_linux Match 7
OR
redhat enterprise_linux Match 9

Vendor  Product           Version  CPE
redhat  pki-core-0        *        cpe:2.3:a:redhat:pki-core-0:*:*:*:*:*:*:*:*
redhat  pki-core          *        cpe:2.3:a:redhat:pki-core:*:*:*:*:*:*:*:*
redhat  enterprise_linux  7        cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat  enterprise_linux  9        cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
