Vulnerability Description
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pki-Core Project | Pki-Core | <= 10.12.4 |
| Redhat | Certificate System | 9.0 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2101046Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2101046Issue TrackingThird Party Advisory
FAQ
What is CVE-2022-2393?
CVE-2022-2393 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the ...
How severe is CVE-2022-2393?
CVE-2022-2393 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2393?
Check the references section above for vendor advisories and patch information. Affected products include: Pki-Core Project Pki-Core, Redhat Certificate System, Redhat Enterprise Linux.