Privilege Escalation

2019-01-1509:24:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.0%

JSON

pki-core is vulnerable to privilege escalation attacks. The vulnerability exists as Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access.

CPENameOperatorVersion
pki-coreeq10.2.6__8.el7pki
pki-coreeq10.3.3__11.el7pki
pki-coreeq10.5.1__9.el7pki
pki-coreeq10.4.1__10.el7pki
pki-coreeq10.3.3__16.el7pki
pki-coreeq10.3.3__17.el7pki
pki-coreeq10.3.3__13.el7pki
pki-coreeq10.4.1__17.el7pki

Name	Operator	Version
pki-core	eq	10.2.6__8.el7pki
pki-core	eq	10.3.3__11.el7pki
pki-core	eq	10.5.1__9.el7pki
pki-core	eq	10.4.1__10.el7pki
pki-core	eq	10.3.3__16.el7pki
pki-core	eq	10.3.3__17.el7pki
pki-core	eq	10.3.3__13.el7pki
pki-core	eq	10.4.1__17.el7pki