GCVE - cpe:2.3:a:n/a:pki-core:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:pki-core:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Pki Core (`a9c03116-9469-5eda-bc8b-79c52484cb8e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-2393`	vulnerable	2026-06-08 05:43:35.455700	Details available A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. Published: 2022-07-14T14:53:46.000Z Updated: 2024-08-03T00:39:07.715Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2101046	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20179`	vulnerable	2026-06-08 05:29:08.646520	Details available A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. Published: 2021-03-15T12:01:25.000Z Updated: 2024-08-03T17:30:07.814Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1914379 https://github.com/dogtagpki/pki/pull/3478 https://github.com/dogtagpki/pki/pull/3477 https://github.com/dogtagpki/pki/pull/3476 https://github.com/dogtagpki/pki/pull/3475	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-25715`	vulnerable	2026-06-08 05:23:49.113557	Details available A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity. Published: 2021-05-28T10:20:26.000Z Updated: 2024-08-04T15:40:36.827Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1891016	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-1721`	vulnerable	2026-06-08 05:21:02.882587	Details available A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. Published: 2021-04-30T11:04:01.000Z Updated: 2024-08-04T06:46:30.633Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1777579	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.