CVE-2022-2393

CVSS v3.1

5.7

Medium

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions pki-core (affected versions not specified)

Description A flaw was found in pki-core, allowing a user to obtain a certificate for another user identity when directory-based authentication is enabled. This issue enables an authenticated attacker on the adjacent network to impersonate another user within the domain scope, although they cannot decrypt message content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

ALSA-2023:2293

ALT-PU-2022-2610

CVE-2022-2393

RHSA-2022:7077

RHSA-2022:7086

RHSA-2022_7086

RHSA-2023:2293

RHSA-2023:3394

RHSA-2023_2293

Affected Products

Alt Linux

Almalinux

Debian

Red Hat

Pki-Core

CVE-2022-2393

Weakness Enumeration

Related Identifiers

Affected Products

References · 17