CVE-2021-20179

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Published: Mar 15, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20179
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
dogtagpki / dogtagpki	10.5.1	10.8.0
dogtagpki / dogtagpki	-	10.5.0
dogtagpki / dogtagpki	10.10.1	10.11.0
dogtagpki / dogtagpki	10.9.1	10.10.0
dogtagpki / dogtagpki	10.8.1	10.9.0
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / certificate_system	10.0	10.0.x
fedoraproject / fedora	32	32.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x

https://bugzilla.redhat.com/show_bug.cgi?id=1914379
https://github.com/dogtagpki/pki/pull/3474
https://github.com/dogtagpki/pki/pull/3475
https://github.com/dogtagpki/pki/pull/3476
https://github.com/dogtagpki/pki/pull/3477
https://github.com/dogtagpki/pki/pull/3478
https://lists.fedoraproject.org/archives/list/[email protected]/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/
https://lists.fedoraproject.org/archives/list/[email protected]/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/
https://lists.fedoraproject.org/archives/list/[email protected]/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/

Vulnerability Database

289,599

CVE-2021-20179