PT-2018-10112 · Red Hat+1 · Dogtag Pki+2

Ftweedal · Published 2018-06-26 · Updated 2019-10-09 · CVE-2018-1080

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dogtag PKI, versions prior to 10.6.2
Description: Dogtag PKI's ACL authorization code (AAclAuthz.java) applies allow and deny rules in reverse when the server is configured to evaluate allow rules before deny rules (authz.evaluateOrder=allow,deny): a matching allow rule refuses access and a matching deny rule grants it. Principals that a deny rule was meant to exclude can therefore perform the operation, which may result in privilege escalation, while legitimately authorized principals are refused. Instances using the deny,allow evaluation order are not affected.
Recommendations: Update Dogtag PKI to version 10.6.2 or later. Until the update is applied, set authz.evaluateOrder=deny,allow in the instance's CS.cfg and restart the instance. Before switching, review the ACLs for entries where both an allow rule and a deny rule match the same principal and operation: switching the order changes which of the two takes precedence, so those decisions change even on a patched server.
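The reversal described above and the authz.evaluateOrder workaround, as an added example that is not Dogtag's own AAclAuthz code: a simplified Python model of ACL evaluation with the pre-10.6.2 defect beside the corrected logic, a check for the affected setting in a CS.cfg-style file, and a helper that lists the (group, operation) pairs whose decision changes when the evaluation order is switched. The Aci structure, the rule matching, the function names, and the sample rules and config fragment are assumptions constructed for illustration; only the configuration key and its two values come from the advisory.

```python
"""Model of the CVE-2018-1080 ACL evaluation-order reversal.

Added example, not Dogtag's AAclAuthz implementation: the Aci structure,
the matching helper and both check_permission variants are simplified
reconstructions written for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Aci:
    kind: str           # "allow" or "deny"
    ops: frozenset      # operations the rule covers, e.g. {"read", "modify"}
    groups: frozenset   # groups the rule applies to


def _matches(acis, kind, groups, op):
    """True if any rule of `kind` covers `op` for at least one of `groups`."""
    return any(a.kind == kind and op in a.ops and (a.groups & groups)
               for a in acis)


def check_permission_fixed(acis, order, groups, op):
    """Corrected evaluator: consult rule kinds in the configured order,
    the first kind with a matching rule decides, default deny."""
    first, second = order.split(",")
    for kind in (first, second):
        if _matches(acis, kind, groups, op):
            return kind == "allow"
    return False


def check_permission_vulnerable(acis, order, groups, op):
    """Evaluator with the pre-10.6.2 defect modelled: in the allow,deny
    branch the rule kinds are consulted in swapped positions, so a
    matching deny rule grants access and a matching allow rule refuses it.
    The deny,allow branch is unaffected."""
    if order == "deny,allow":
        return check_permission_fixed(acis, order, groups, op)
    if _matches(acis, "deny", groups, op):    # modelled defect: deny grants
        return True
    if _matches(acis, "allow", groups, op):   # modelled defect: allow refuses
        return False
    return False


def evaluate_order_from_cs_cfg(text):
    """Return the authz.evaluateOrder value from CS.cfg-style key=value
    text, or None if the key is absent."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "authz.evaluateOrder":
            return value.strip()
    return None


def is_vulnerable_configuration(text):
    """True when the instance uses the allow,deny order the CVE affects."""
    return evaluate_order_from_cs_cfg(text) == "allow,deny"


def order_sensitive_pairs(acis):
    """(group, op) pairs covered by both an allow and a deny rule. On a
    fixed server these are the only decisions that switching the
    evaluation order changes, so review them before applying the
    workaround. Checks one group at a time; a principal in several groups
    can also be order-sensitive across groups."""
    allowed = {(g, o) for a in acis if a.kind == "allow"
               for g in a.groups for o in a.ops}
    denied = {(g, o) for a in acis if a.kind == "deny"
              for g in a.groups for o in a.ops}
    return sorted(allowed & denied)


# Constructed sample ACL: administrators may read and modify, guests may
# read and are explicitly refused modify.
SAMPLE_ACIS = (
    Aci("allow", frozenset({"read", "modify"}), frozenset({"Administrators"})),
    Aci("allow", frozenset({"read"}), frozenset({"Guests"})),
    Aci("deny", frozenset({"modify"}), frozenset({"Guests"})),
)

# Constructed CS.cfg fragment, not taken from a real instance.
SAMPLE_CS_CFG = "# constructed fragment\nauthz.evaluateOrder=allow,deny\n"

if __name__ == "__main__":
    for who in ("Administrators", "Guests"):
        for order in ("deny,allow", "allow,deny"):
            g = frozenset({who})
            print(who, order, "modify",
                  "fixed=%s" % check_permission_fixed(SAMPLE_ACIS, order, g, "modify"),
                  "vulnerable=%s" % check_permission_vulnerable(SAMPLE_ACIS, order, g, "modify"))
    print("affected config:", is_vulnerable_configuration(SAMPLE_CS_CFG))
    print("order-sensitive pairs:", order_sensitive_pairs(SAMPLE_ACIS))
```

Under allow,deny the vulnerable evaluator refuses the administrator's modify and grants it to guests, which is the inversion the advisory describes; under deny,allow both evaluators agree, which is why the workaround holds. An empty result from order_sensitive_pairs means switching the order on a fixed server changes no decision for single-group principals.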

Fix

Weakness Enumeration

Improper Access Control (CWE-284)

Related Identifiers

CESA-2018:1979
CVE-2018-1080
RHSA-2018:1979

Affected Products

Centos
Dogtag Pki
Red Hat