Lucene search

7 matches found

added 2020/03/20 3:15 p.m., 188 views

CVE-2019-10221

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module of the pki-core server, in all pki-core 10.x.x versions. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a special...

CVSS 6.1 | AI score 6.7 | EPSS 0.00669

added 2020/03/20 3:15 p.m., 173 views

CVE-2019-10179

A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing speci...

CVSS 6.1 | AI score 6.1 | EPSS 0.00616

added 2020/03/18 3:15 p.m., 164 views

CVE-2019-10146

A Reflected Cross Site Scripting flaw was found in a module of the pki-core server, in all pki-core 10.x.x versions, due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.

CVSS 4.7 | AI score 5.4 | EPSS 0.00261

added 2020/07/14 2:15 p.m., 121 views

CVE-2020-15720

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-serve...

CVSS 6.8 | AI score 6.5 | EPSS 0.00186

added 2020/03/20 3:15 p.m., 91 views

CVE-2020-1696

A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated ...

CVSS 5.4 | AI score 5 | EPSS 0.00244

added 2020/03/31 5:15 p.m., 76 views

CVE-2019-10180

A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token coul...

CVSS 4.8 | AI score 4.9 | EPSS 0.00454

added 2020/03/18 4:15 p.m., 61 views

CVE-2019-10178

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would ...

CVSS 6.1 | AI score 6.1 | EPSS 0.01182