CVE-2021-20179

moderate-risk

Published 2021-03-15

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (7)

Dogtagpki

Certificate System

Enterprise Linux

Fedora

Affected Vendors

Redhat Fedoraproject Dogtagpki

References (18)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1914379

Patch https://github.com/dogtagpki/pki/pull/3474

Patch https://github.com/dogtagpki/pki/pull/3475

Patch https://github.com/dogtagpki/pki/pull/3476

Patch https://github.com/dogtagpki/pki/pull/3477

Patch https://github.com/dogtagpki/pki/pull/3478

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1914379

Patch https://github.com/dogtagpki/pki/pull/3474

Patch https://github.com/dogtagpki/pki/pull/3475

Patch https://github.com/dogtagpki/pki/pull/3476

Patch https://github.com/dogtagpki/pki/pull/3477

Patch https://github.com/dogtagpki/pki/pull/3478

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate