OVAL

RHSA-2021:0851-01 -- Redhat pki-core, pki-base, pki-ca, pki-kra, pki-server, pki-tools, pki-symkey

ID: oval:org.secpod.oval:def:505965
Date: (C)2021-03-19   (M)2024-02-19
Class: PATCH
Family: unix




The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Security Fix:
* pki-core: Unprivileged users can renew any certificate
* pki-core: XSS in the certificate search results
* pki-core: Reflected XSS in "path length" constraint field in CA's Agent page
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab
* pki-core: Reflected XSS in getcookies?url= endpoint in CA
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Bug Fix:
* Add KRA Transport and Storage Certificates profiles, audit for IPA

Platform:
Red Hat Enterprise Linux 7
Product:
pki-core
pki-base
pki-ca
pki-kra
pki-server
pki-tools
pki-symkey
Reference:
RHSA-2021:0851-01
CVE-2019-10146
CVE-2019-10179
CVE-2019-10221
CVE-2020-1721
CVE-2020-25715
CVE-2021-20179

© SecPod Technologies