PT-2020-9056 · Pki-Core+3
Published: 2020-03-20 · Updated: 2023-02-12 · CVE-2019-10179
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
pki-core versions 10.x.x
Description
A vulnerability was found in the Key Recovery Authority (KRA) Agent Service: it did not properly sanitize the recovery request search page, enabling a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code in the context of the KRA Agent Service.
Recommendations
For pki-core versions 10.x.x, update to a version that properly sanitizes the recovery request search page to prevent reflected Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting access to the KRA Agent Service to minimize the risk of exploitation.
Affected Products
Centos
Red Hat
Rocky Linux
Pki-Core