PT-2020-14607 · Red Hat · Dogtag PKI
Published 2020-07-14 · Updated 2020-11-04
CVE-2020-15720
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Dogtag PKI versions prior to 10.9.0-b1
Description
The issue concerns the pki.client.PKIConnection class in Dogtag PKI, which did not enable python-requests certificate validation: the verify parameter was hard-coded in every request function, so a caller could not override the setting and turn validation on. As a result, tools built on this class may have been vulnerable to Person-in-the-Middle attacks in non-localhost use cases, where an attacker on the network path can present any certificate and the client accepts it.
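The following is an added example, not Dogtag's code or its fix: it shows the bug pattern described above (a verify setting that is accepted but never reaches the transport) beside the corrected pattern, plus a regression check that confirms a client really enforces validation before any bytes are sent. Class and method names are assumptions. The standard-library ssl module stands in for python-requests so the example runs offline; the verify value mirrors requests' parameter (True = system trust store, a path = that CA bundle, False = no validation).

```python
"""Added example (not Dogtag's code): the CVE-2020-15720 bug pattern, its fix,
and a check that a client context actually validates certificates.

Assumptions: class/method names are hypothetical; stdlib ssl stands in for
python-requests, with `verify` mirroring requests' semantics.
"""
import http.client
import ssl
from typing import Union

Verify = Union[bool, str]
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "::1")


def unverified_context() -> ssl.SSLContext:
    """Equivalent of requests' verify=False: no chain or hostname checks."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


class LegacyPKIConnection:
    """Vulnerable pattern: `verify` is accepted and stored, but every request
    path hard-codes an unverified context, so callers cannot enable validation."""

    def __init__(self, host: str, port: int = 8443, verify: Verify = True):
        self.host, self.port = host, port
        self.verify = verify            # never consulted below: that is the bug

    def build_context(self) -> ssl.SSLContext:
        return unverified_context()     # hard-coded, whatever self.verify says

    def open(self) -> http.client.HTTPSConnection:
        return http.client.HTTPSConnection(self.host, self.port,
                                           context=self.build_context())


class PKIConnection:
    """Fixed pattern: the caller's `verify` setting is threaded through to the
    transport, and disabling it is refused for anything but loopback."""

    def __init__(self, host: str, port: int = 8443, verify: Verify = True):
        if verify is False and host not in LOOPBACK_HOSTS:
            raise ValueError(
                f"refusing to disable certificate validation for {host!r}")
        self.host, self.port, self.verify = host, port, verify

    def build_context(self) -> ssl.SSLContext:
        if self.verify is False:
            return unverified_context()
        if self.verify is True:
            return ssl.create_default_context()     # system trust store
        # A CA bundle path: a missing or unreadable file raises instead of
        # silently falling back to no validation (fail closed).
        return ssl.create_default_context(cafile=self.verify)

    def open(self) -> http.client.HTTPSConnection:
        return http.client.HTTPSConnection(self.host, self.port,
                                           context=self.build_context())


def validates_certificates(ctx: ssl.SSLContext) -> bool:
    """Regression check: does this context enforce both chain validation and
    hostname matching? Either one missing leaves the client open to PitM."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    legacy = LegacyPKIConnection("ca.example.com", verify=True)
    fixed = PKIConnection("ca.example.com", verify=True)
    print("legacy validates:", validates_certificates(legacy.build_context()))
    print("fixed validates: ", validates_certificates(fixed.build_context()))
```

The check inspects configuration only; the definitive test is a request to a host presenting a certificate the client should reject (self-signed, or issued for another name), which must raise rather than succeed. Note that the legacy class passes a code review that only looks at its constructor signature, which is why a test on the transport-level setting, not on the parameter list, is the one worth keeping.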
Recommendations
For Dogtag PKI versions prior to 10.9.0-b1, update to version 10.9.0-b1 or later to resolve the issue.
Weakness Enumeration
CWE-295: Improper Certificate Validation
Related Identifiers
CVE-2020-15720
Affected Products
CentOS
Dogtag PKI
Red Hat
Rocky Linux