USN-7146-1: Dogtag PKI vulnerabilities

First published: Tue Dec 10 2024(Updated: )

Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-7537) It was discovered that Dogtag PKI did not properly sanitize user input. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-25715) It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-2414)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/usn
• source/Ubuntu
• agent/software-canonical-lookup
• agent/severity
• agent/references
• agent/title
• agent/last-modified-date
• agent/softwarecombine
• agent/type
• agent/first-publish-date
• agent/event
• agent/description
• agent/tags
• agent/trending
• package-manager/ubuntu
• vendor/ubuntu
• canonical/ubuntu ubuntu
• version/ubuntu ubuntu/22.04
• version/ubuntu ubuntu/16.04