CVE-2018-1080 - OpenCVE

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dogtagpki	Dogtagpki

Configuration 1 [-]

cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:1979	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1080	Issue Tracking Third Party Advisory
https://pagure.io/freeipa/issue/7453	Third Party Advisory
https://review.gerrithub.io/c/dogtagpki/pki/+/404435	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-02T18:00:00

Updated: 2018-07-03T09:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1080

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-03T01:29:00.533

Modified: 2019-10-09T23:38:04.037

Link: CVE-2018-1080

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "pki-core", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "PKI 10.6.1"}]}], "datePublic": "2018-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-03T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pagure.io/freeipa/issue/7453"}, {"name": "RHSA-2018:1979", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1979"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.gerrithub.io/c/dogtagpki/pki/+/404435"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1080"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1080", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pki-core", "version": {"version_data": [{"version_value": "PKI 10.6.1"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences."}]}, "impact": {"cvss": [[{"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "https://pagure.io/freeipa/issue/7453", "refsource": "CONFIRM", "url": "https://pagure.io/freeipa/issue/7453"}, {"name": "RHSA-2018:1979", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1979"}, {"name": "https://review.gerrithub.io/c/dogtagpki/pki/+/404435", "refsource": "CONFIRM", "url": "https://review.gerrithub.io/c/dogtagpki/pki/+/404435"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1080", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1080"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1080", "datePublished": "2018-07-02T18:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-07-03T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF840646-E4B8-4837-92CD-9DA517B9AC02", "versionEndIncluding": "10.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences."}, {"lang": "es", "value": "Dogtag PKI, hasta la versi\u00f3n 10.6.1, tiene una vulnerabilidad en AAclAuthz.java que, bajo ciertas configuraciones, provoca que la aplicaci\u00f3n de listas de control de acceso permita que las reglas allow y deny se reviertan. Si un servidor est\u00e1 configurado para procesar las reglas allow antes que las deny (authz.evaluateOrder=allow,deny), las reglas allow denegar\u00e1n el acceso y las reglas deny lo permitir\u00e1n. Esto podr\u00eda desembocar en un escalado de privilegios o en otras consecuencias no planeadas."}], "id": "CVE-2018-1080", "lastModified": "2019-10-09T23:38:04.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-03T01:29:00.533", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1979"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1080"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://pagure.io/freeipa/issue/7453"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://review.gerrithub.io/c/dogtagpki/pki/+/404435"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}]}