4 matches found
CVE-2025-44005
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...
CVE-2025-44005
The CVE describes an authorization bypass in Smallstep Step CA where ACME or SCEP provisioners can create certificates without completing certain protocol authorization checks. Affected component: Step CA (ACME/SCEP provisioners). Root cause: bypass of authorization checks. Impact: potential issu...
FreeBSD : step-certificates -- Authorization Bypass in ACME and SCEP Provisioners (eca46635-db51-11f0-9b8d-40a6b7c3b3b8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eca46635-db51-11f0-9b8d-40a6b7c3b3b8 advisory. smallstep reports: An attacker can bypass authorization checks and force a Step CA ACME or SCEP...
GHSA-H8CP-697H-8C8P Step CA Has Authorization Bypass in ACME and SCEP Provisioners
Summary: A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release v0.29.0 immediately. The issue was discovered and disclosed by a...