CVE-2019-10146 — Cross-site Scripting in RED HAT Pki-core

CWE-79 — Cross-site Scripting9 documents7 sources

Severity

4.7MEDIUMNVD

EPSS

0.2%

top 59.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dogtagpki RED HAT Pki-core Redhat Enterprise Linux

Timeline

PublishedMar 18

Latest updateMay 24

Description

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5red_hat/pki-coreall pki-core 10.x.x versions

▶NVDdogtagpki/dogtagpki10.0 — 10.7.3

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-9wr3-2hgg-f56c: A Reflected Cross Site Scripting flaw was found in all pki-core 10↗2022-05-24

▶

OSV

CVE-2019-10146: A Reflected Cross Site Scripting flaw was found in all pki-core 10↗2020-03-18

▶

CVEList

CVE-2019-10146: A Reflected Cross Site Scripting flaw was found in all pki-core 10↗2020-03-18

▶

📋Vendor Advisories

Red Hat

pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page↗2020-02-03

▶

Debian

CVE-2019-10146: dogtag-pki - A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions ...↗2019

▶

💬Community

Bugzilla

CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8]↗2020-06-02

▶

Bugzilla

CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [fedora-all]↗2020-02-03

▶

Bugzilla

CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page↗2019-05-15

▶