CVE-2022-2393 - OpenCVE

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Certificate System Enterprise Linux
Pki-core Project	Pki-core

Configuration 1 [-]

cpe:2.3:a:pki-core_project:pki-core:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:certificate_system:9.0:::::::*
	cpe:2.3:a:redhat:certificate_system:10.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2101046	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-14T14:53:46

Updated: 2022-07-14T14:53:46

Reserved: 2022-07-12T00:00:00

Link: CVE-2022-2393

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-14T15:15:08.133

Modified: 2023-06-30T18:53:57.827

Link: CVE-2022-2393

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pki-core_project:pki-core:*:*:*:*:*:*:*:*", "matchCriteriaId": "025D479C-A4CB-442E-9A89-005CF4567026", "versionEndIncluding": "10.12.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:certificate_system:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F53A5C24-3524-4DC1-B3C8-5D86055BD7A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "95575E40-9DB8-43CB-B667-46803DAE501F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content."}, {"lang": "es", "value": "Se ha encontrado un fallo en pki-core, que podr\u00eda permitir a un usuario conseguir un certificado para otra identidad de usuario cuando la autenticaci\u00f3n basada en el directorio est\u00e1 habilitada. Este fallo permite a un atacante autenticado en la red adyacente hacerse pasar por otro usuario dentro del \u00e1mbito del dominio, pero no podr\u00eda descifrar el contenido de los mensajes"}], "id": "CVE-2022-2393", "lastModified": "2023-06-30T18:53:57.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-14T15:15:08.133", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101046"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "secalert@redhat.com", "type": "Secondary"}]}