← voltar
CVE-2021-20179

CVE-2021-20179

EPSS 1.2%CWE-863
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
15 mar 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
Produtos afetados
n/a · pki-core

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=1914379https://github.com/dogtagpki/pki/pull/3474https://github.com/dogtagpki/pki/pull/3475https://github.com/dogtagpki/pki/pull/3476https://github.com/dogtagpki/pki/pull/3477https://github.com/dogtagpki/pki/pull/3478https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/