ID CVE-2020-1721
Summary A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
References
Vulnerable Configurations
  • cpe:2.3:a:dogtagpki:dogtagpki:10.10.5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 21-11-2024 - 05:11)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 1873235
title pki ca-user-cert-add with secure port failed with 'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment Module pki-deps:10.6 is enabled
          oval oval:com.redhat.rhsa:tst:20191529069
        • OR
          • AND
            • comment apache-commons-collections is earlier than 0:3.2.2-10.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644001
            • comment apache-commons-collections is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20152522002
          • AND
            • comment apache-commons-lang is earlier than 0:2.6-21.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644003
            • comment apache-commons-lang is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529004
          • AND
            • comment apache-commons-net is earlier than 0:3.6-3.module+el8.3.0+6805+72837426
              oval oval:com.redhat.rhsa:tst:20204847005
            • comment apache-commons-net is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20204847006
          • AND
            • comment bea-stax-api is earlier than 0:1.2.0-16.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644005
            • comment bea-stax-api is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529006
          • AND
            • comment glassfish-fastinfoset is earlier than 0:1.2.13-9.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644007
            • comment glassfish-fastinfoset is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529008
          • AND
            • comment glassfish-jaxb-api is earlier than 0:2.2.12-8.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644009
            • comment glassfish-jaxb-api is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529010
          • AND
            • comment glassfish-jaxb-core is earlier than 0:2.2.11-11.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644011
            • comment glassfish-jaxb-core is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529012
          • AND
            • comment glassfish-jaxb-runtime is earlier than 0:2.2.11-11.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644013
            • comment glassfish-jaxb-runtime is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529014
          • AND
            • comment glassfish-jaxb-txw2 is earlier than 0:2.2.11-11.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644015
            • comment glassfish-jaxb-txw2 is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529016
          • AND
            • comment jackson-annotations is earlier than 0:2.10.0-1.module+el8.2.0+5059+3eb3af25
              oval oval:com.redhat.rhsa:tst:20201644017
            • comment jackson-annotations is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529018
          • AND
            • comment jackson-core is earlier than 0:2.10.0-1.module+el8.2.0+5059+3eb3af25
              oval oval:com.redhat.rhsa:tst:20201644019
            • comment jackson-core is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529020
          • AND
            • comment jackson-databind is earlier than 0:2.10.0-1.module+el8.2.0+5059+3eb3af25
              oval oval:com.redhat.rhsa:tst:20201644021
            • comment jackson-databind is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529022
          • AND
            • comment jackson-jaxrs-json-provider is earlier than 0:2.9.9-1.module+el8.1.0+3832+9784644d
              oval oval:com.redhat.rhsa:tst:20201644023
            • comment jackson-jaxrs-json-provider is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529024
          • AND
            • comment jackson-jaxrs-providers is earlier than 0:2.9.9-1.module+el8.1.0+3832+9784644d
              oval oval:com.redhat.rhsa:tst:20201644025
            • comment jackson-jaxrs-providers is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529026
          • AND
            • comment jackson-module-jaxb-annotations is earlier than 0:2.7.6-4.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644027
            • comment jackson-module-jaxb-annotations is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529028
          • AND
            • comment jakarta-commons-httpclient is earlier than 1:3.1-28.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644029
            • comment jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20130270002
          • AND
            • comment javassist is earlier than 0:3.18.1-8.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644031
            • comment javassist is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529032
          • AND
            • comment javassist-javadoc is earlier than 0:3.18.1-8.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644033
            • comment javassist-javadoc is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529034
          • AND
            • comment pki-servlet-4.0-api is earlier than 1:9.0.30-1.module+el8.3.0+6730+8f9c6254
              oval oval:com.redhat.rhsa:tst:20204847037
            • comment pki-servlet-4.0-api is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529036
          • AND
            • comment pki-servlet-engine is earlier than 1:9.0.30-1.module+el8.3.0+6730+8f9c6254
              oval oval:com.redhat.rhsa:tst:20204847039
            • comment pki-servlet-engine is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644038
          • AND
            • comment python-nss-debugsource is earlier than 0:1.0.1-10.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644039
            • comment python-nss-debugsource is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529040
          • AND
            • comment python-nss-doc is earlier than 0:1.0.1-10.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644041
            • comment python-nss-doc is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529042
          • AND
            • comment python3-nss is earlier than 0:1.0.1-10.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644043
            • comment python3-nss is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529044
          • AND
            • comment relaxngDatatype is earlier than 0:2011.1-7.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644045
            • comment relaxngDatatype is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529046
          • AND
            • comment resteasy is earlier than 0:3.0.26-3.module+el8.2.0+5723+4574fbff
              oval oval:com.redhat.rhsa:tst:20204847049
            • comment resteasy is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529048
          • AND
            • comment slf4j is earlier than 0:1.7.25-4.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644049
            • comment slf4j is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20180592002
          • AND
            • comment slf4j-jdk14 is earlier than 0:1.7.25-4.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644051
            • comment slf4j-jdk14 is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529052
          • AND
            • comment stax-ex is earlier than 0:1.7.7-8.module+el8.2.0+5723+4574fbff
              oval oval:com.redhat.rhsa:tst:20204847055
            • comment stax-ex is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529054
          • AND
            • comment velocity is earlier than 0:1.7-24.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644055
            • comment velocity is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529056
          • AND
            • comment xalan-j2 is earlier than 0:2.7.1-38.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644057
            • comment xalan-j2 is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20140348013
          • AND
            • comment xerces-j2 is earlier than 0:2.11.0-34.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644059
            • comment xerces-j2 is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20110858002
          • AND
            • comment xml-commons-apis is earlier than 0:1.4.01-25.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644061
            • comment xml-commons-apis is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529062
          • AND
            • comment xml-commons-resolver is earlier than 0:1.2-26.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644063
            • comment xml-commons-resolver is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529064
          • AND
            • comment xmlstreambuffer is earlier than 0:1.5.4-8.module+el8.2.0+5723+4574fbff
              oval oval:com.redhat.rhsa:tst:20204847067
            • comment xmlstreambuffer is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529066
          • AND
            • comment xsom is earlier than 0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c
              oval oval:com.redhat.rhsa:tst:20201644067
            • comment xsom is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20191529068
      • AND
        • comment Module pki-core:10.6 is enabled
          oval oval:com.redhat.rhsa:tst:20201644100
        • OR
          • AND
            • comment jss is earlier than 0:4.7.3-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847072
            • comment jss is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20193067002
          • AND
            • comment jss-debugsource is earlier than 0:4.7.3-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847074
            • comment jss-debugsource is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644073
          • AND
            • comment jss-javadoc is earlier than 0:4.7.3-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847076
            • comment jss-javadoc is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20193067004
          • AND
            • comment ldapjdk is earlier than 0:4.22.0-1.module+el8.3.0+6784+6e1e4c62
              oval oval:com.redhat.rhsa:tst:20204847078
            • comment ldapjdk is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644077
          • AND
            • comment ldapjdk-javadoc is earlier than 0:4.22.0-1.module+el8.3.0+6784+6e1e4c62
              oval oval:com.redhat.rhsa:tst:20204847080
            • comment ldapjdk-javadoc is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644079
          • AND
            • comment pki-base is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847082
            • comment pki-base is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20172335002
          • AND
            • comment pki-base-java is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847084
            • comment pki-base-java is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20172335004
          • AND
            • comment pki-ca is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847086
            • comment pki-ca is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20130511002
          • AND
            • comment pki-core-debugsource is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847088
            • comment pki-core-debugsource is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644087
          • AND
            • comment pki-kra is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847090
            • comment pki-kra is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20172335010
          • AND
            • comment pki-server is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847092
            • comment pki-server is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20172335012
          • AND
            • comment pki-symkey is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847094
            • comment pki-symkey is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20130511020
          • AND
            • comment pki-tools is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847096
            • comment pki-tools is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20172335016
          • AND
            • comment python3-pki is earlier than 0:10.9.4-1.module+el8.3.0+8058+d5cd4219
              oval oval:com.redhat.rhsa:tst:20204847098
            • comment python3-pki is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644097
          • AND
            • comment tomcatjss is earlier than 0:7.5.0-1.module+el8.3.0+7355+c59bcbd9
              oval oval:com.redhat.rhsa:tst:20204847100
            • comment tomcatjss is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20201644099
rhsa
id RHSA-2020:4847
released 2020-11-04
severity Moderate
title RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)
rpms
  • apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c
  • apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c
  • apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426
  • bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c
  • glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
  • glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c
  • jackson-annotations-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
  • jackson-core-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
  • jackson-databind-0:2.10.0-1.module+el8.2.0+5059+3eb3af25
  • jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d
  • jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d
  • jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c
  • jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c
  • javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c
  • javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c
  • jss-0:4.7.3-1.module+el8.3.0+8058+d5cd4219
  • jss-debuginfo-0:4.7.3-1.module+el8.3.0+8058+d5cd4219
  • jss-debugsource-0:4.7.3-1.module+el8.3.0+8058+d5cd4219
  • jss-javadoc-0:4.7.3-1.module+el8.3.0+8058+d5cd4219
  • ldapjdk-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62
  • ldapjdk-javadoc-0:4.22.0-1.module+el8.3.0+6784+6e1e4c62
  • pki-base-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-base-java-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-ca-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-core-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-core-debugsource-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-kra-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-server-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-servlet-4.0-api-1:9.0.30-1.module+el8.3.0+6730+8f9c6254
  • pki-servlet-engine-1:9.0.30-1.module+el8.3.0+6730+8f9c6254
  • pki-symkey-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-symkey-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-tools-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • pki-tools-debuginfo-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c
  • python3-pki-0:10.9.4-1.module+el8.3.0+8058+d5cd4219
  • relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c
  • resteasy-0:3.0.26-3.module+el8.2.0+5723+4574fbff
  • slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c
  • slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c
  • stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff
  • tomcatjss-0:7.5.0-1.module+el8.3.0+7355+c59bcbd9
  • velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c
  • xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c
  • xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c
  • xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c
  • xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c
  • xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff
  • xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c
Last major update 21-11-2024 - 05:11
Published 30-04-2021 - 12:15
Last modified 21-11-2024 - 05:11