RHSA-2021:0851-01 -- Red Hat pki-core, pki-base, pki-ca, pki-kra, pki-server, pki-tools, pki-symkey
ID: oval:org.secpod.oval:def:505965 | Date: (C)2021-03-19 (M)2024-02-19 |
Class: PATCH | Family: unix |
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Security Fix:
* pki-core: Unprivileged users can renew any certificate
* pki-core: XSS in the certificate search results
* pki-core: Reflected XSS in "path length" constraint field in CA's Agent page
* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab
* pki-core: Reflected XSS in getcookies?url= endpoint in CA
* pki-core: KRA vulnerable to reflected XSS via the getPk12 page

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Bug Fix:
* Add KRA Transport and Storage Certificates profiles, audit for IPA
Platform: |
Red Hat Enterprise Linux 7 |
Product: |
pki-core |
pki-base |
pki-ca |
pki-kra |
pki-server |
pki-tools |
pki-symkey |