Home

CVE-2018-1080

Description

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.435

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-base-10.5.1-13.1.el7_5.noarch.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-base-java-10.5.1-13.1.el7_5.noarch.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-ca-10.5.1-13.1.el7_5.noarch.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-javadoc-10.5.1-13.1.el7_5.noarch.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-kra-10.5.1-13.1.el7_5.noarch.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-server-10.5.1-13.1.el7_5.noarch.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-symkey-10.5.1-13.1.el7_5.x86_64.rpmLinux
(RHSA-2018:1979) Moderate: pki-core security, bug fix, and enhancement update pki-tools-10.5.1-13.1.el7_5.x86_64.rpmLinux
Pki-symkey update (ELSA-2018-1979) pki-symkey-10.5.1-13.1.el7_5.x86_64.rpmLinux
Pki-tools update (ELSA-2018-1979) pki-tools-10.5.1-13.1.el7_5.x86_64.rpmLinux
Pki-base update (ELSA-2018-1979) pki-base-10.5.1-13.1.el7_5.noarch.rpmLinux
Pki-base-java update (ELSA-2018-1979) pki-base-java-10.5.1-13.1.el7_5.noarch.rpmLinux
Pki-ca update (ELSA-2018-1979) pki-ca-10.5.1-13.1.el7_5.noarch.rpmLinux
Pki-javadoc update (ELSA-2018-1979) pki-javadoc-10.5.1-13.1.el7_5.noarch.rpmLinux
Pki-kra update (ELSA-2018-1979) pki-kra-10.5.1-13.1.el7_5.noarch.rpmLinux
Pki-server update (ELSA-2018-1979) pki-server-10.5.1-13.1.el7_5.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234