CVE-2021-20179Incorrect Authorization in Project Pki-core

CWE-863Incorrect Authorization7 documents7 sources
Severity
8.1HIGHNVD
EPSS
0.3%
top 47.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
DogtagpkiPki-core Project Pki-coreFedoraproject Fedora+2 more
Timeline
PublishedMar 15
Latest updateApr 8

Description

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

CVEListV5pki-core_project/pki-corepki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11
NVDdogtagpki/dogtagpki10.5.110.8.0+4

Also affects: Fedora 32, 33, 34, Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-q87w-gh3f-77p7: A flaw was found in pki-core2022-05-24
CVEList
CVE-2021-20179: A flaw was found in pki-core2021-03-15
OSV
CVE-2021-20179: A flaw was found in pki-core2021-03-15

📋Vendor Advisories

3
Ubuntu
Dogtag PKI vulnerability2026-04-08
Red Hat
pki-core: Unprivileged users can renew any certificate2021-03-12
Debian
CVE-2021-20179: dogtag-pki - A flaw was found in pki-core. An attacker who has successfully compromised a key...2021
CVE-2021-20179 — Incorrect Authorization | cvebase