CVE-2021-20179
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-20179
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20179.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-20179
- Downstream
- Related
- Published
- 2021-03-15T13:15:14Z
- Modified
- 2025-10-21T05:57:57.714904Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
- References
-
- https://bugzilla.redhat.com/show_bug.cgi?id=1914379
- https://github.com/dogtagpki/pki/pull/3474
- https://github.com/dogtagpki/pki/pull/3475
- https://github.com/dogtagpki/pki/pull/3476
- https://github.com/dogtagpki/pki/pull/3477
- https://github.com/dogtagpki/pki/pull/3478
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/
Affected packages
Git / github.com/dogtagpki/pki
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dogtagpki/pki
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314
DOGTAG_10_0_2_FEDORA_18_19_20130507
DOGTAG_10_1_0_BETA_20131111
DOGTAG_10_1_0_BETA_FEDORA_20_20131111
DOGTAG_10_1_0_GA_FEDORA_20_20131121
DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909
DOGTAG_10_2_1_FEDORA_22_20150108
DOGTAG_10_2_20150808
DOGTAG_10_2_2_FEDORA_22_20150318
DOGTAG_10_2_3_FEDORA_22_20150423
DOGTAG_10_2_4_FEDORA_22_20150526
DOGTAG_10_2_5_FEDORA_22_20150619
DOGTAG_10_2_6_FEDORA_22_23_20150718
DOGTAG_10_3_0_FEDORA_24_20160516
DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307
DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407
DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418
DOGTAG_10_3_1_FEDORA_24_20160517
DOGTAG_10_3_2_FEDORA_24_20160607
DOGTAG_10_3_3_FEDORA_24_20160620
DOGTAG_10_3_4_FEDORA_24_20160705
DOGTAG_10_3_5_FEDORA_24_20160808
DOGTAG_10_4_8_FEDORA_27
DOGTAG_10_4_FEDORA_25_20170314
DOGTAG_10_4_FEDORA_27_20170331
DOGTAG_10_4_FEDORA_27_20170413
DOGTAG_10_4_FEDORA_27_20170501
DOGTAG_10_4_FEDORA_27_20170509
DOGTAG_10_4_FEDORA_27_20170522
DOGTAG_10_4_FEDORA_27_20170530
DOGTAG_10_4_FEDORA_27_20170605
DOGTAG_10_4_FEDORA_27_20170612
pki-core-10.*
pki-core-10.2.0-3
pki-core-10.2.1-0.1
v10.*
v10.0.2
v10.1.0
v10.2.0
v10.2.1
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.3.4
v10.3.5
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
Database specific
vanir_signatures
[
{
"id": "CVE-2021-20179-0e072b73",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "54441090051344207658464347745658218676",
"length": 3015.0
},
"target": {
"function": "verifyIdentityProofV2",
"file": "base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java"
}
},
{
"id": "CVE-2021-20179-1e78e448",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "267018600434706295510743686978640798941",
"length": 829.0
},
"target": {
"function": "verifyIdentityProof",
"file": "base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java"
}
},
{
"id": "CVE-2021-20179-268c442b",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"119813781229324719465313604325063390269",
"206579920754492837520605722674312188420",
"31471128647666411309927597957641968389",
"236593227366929023468853601517933302588"
]
},
"target": {
"file": "base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java"
}
},
{
"id": "CVE-2021-20179-4d06a761",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "12689657080330388549508721726172619013",
"length": 53.0
},
"target": {
"function": "getSharedToken",
"file": "base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java"
}
},
{
"id": "CVE-2021-20179-57c99527",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "14311530824467759106340831820783250661",
"length": 10854.0
},
"target": {
"function": "parseCMC",
"file": "base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java"
}
},
{
"id": "CVE-2021-20179-60a5257c",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50144740268872901546136653841520583177",
"157364451672809884236380347927282077634",
"286762480023792017995463183207496472328",
"137513397201890692704452698109573539717",
"54271539251415235809337371228940753959",
"309458631363004085951422150991746675258",
"71503426634761926329883259007057384172",
"100450703639452172375077118784693471768",
"185835210118615544719982733345860748853",
"323697539945578420401655401602005157002",
"188503033638314928927138920549815677178",
"214581713375578823003313357546228527745",
"114914276076095433563029652036109798336",
"262711987658178949980891729485104824811",
"257883204061265672379817241921416043568",
"24707254884296723604763332112163303457",
"161161174502385851485937006415582749115",
"123132503857464606356865965461202562359",
"105804241195163931573106156640193574404",
"23656071757665765726709527721861361317",
"265094617384277724864081164491128085764",
"244398265112699885350560316147978529416",
"33215573704021033201110354447348235652",
"196404215315973092989303383189873195084",
"267532530041463613252806521376931794529",
"209648221920670521511055588884310052387",
"301512705665494368527148634045170792800",
"103694432522112642664342482391048141244",
"192292217185827076556157486985066711430",
"156311962408448250793023456567689400029",
"122878366457563782800986425178346380200",
"9864411241884671399447032718777930731",
"274731201829344058397830329142725972736",
"336418381420163807704055368209052550618",
"118881558664310293864279327064474115395",
"244398265112699885350560316147978529416",
"33215573704021033201110354447348235652",
"196404215315973092989303383189873195084",
"267532530041463613252806521376931794529",
"192766215898889730021493303869599686912",
"330986097576157884324815935760977256585",
"139362054834113592051940966138013100440",
"241134828259685449172865651230173883751",
"244398265112699885350560316147978529416",
"33215573704021033201110354447348235652",
"196404215315973092989303383189873195084",
"267532530041463613252806521376931794529",
"123721251436716656669036209524643212488",
"338514760006221142751033281873476219464",
"35608510172827457835914000442235156765",
"267532530041463613252806521376931794529",
"244398265112699885350560316147978529416",
"33215573704021033201110354447348235652",
"196404215315973092989303383189873195084",
"267532530041463613252806521376931794529"
]
},
"target": {
"file": "base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java"
}
},
{
"id": "CVE-2021-20179-85af8634",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "12689657080330388549508721726172619013",
"length": 53.0
},
"target": {
"function": "getSharedToken",
"file": "base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java"
}
},
{
"id": "CVE-2021-20179-89f19320",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "12689657080330388549508721726172619013",
"length": 53.0
},
"target": {
"function": "getSharedToken",
"file": "base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java"
}
},
{
"id": "CVE-2021-20179-d007f827",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "94658207559501344702699919584237026986",
"length": 9656.0
},
"target": {
"function": "processRevokeRequestControl",
"file": "base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java"
}
},
{
"id": "CVE-2021-20179-d2ee1191",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"40543520480285361036539646410038733761",
"322032398141534520799546586689609336359",
"46886620083830573160383508621173920516",
"97284293869157049197856153008923772401",
"266900006614232023223387233289339380813",
"41027890830023762814008282449752983961",
"111354172753204167009147910873213388338",
"184555203992817163265883806226029989386",
"100490924935808709465894471637372409280",
"157152284460672020540227771512934965967",
"155142603302352475479865365358847571566",
"221952727816058612343788280605687244295",
"70989293930921670820435380612273921945",
"146237705984622802142744974023505748300"
]
},
"target": {
"file": "base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java"
}
},
{
"id": "CVE-2021-20179-d602d2a1",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "111801778379045295498133402246480541998",
"length": 4171.0
},
"target": {
"function": "verifyPOPLinkWitness",
"file": "base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java"
}
},
{
"id": "CVE-2021-20179-d8114c2f",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"163835842624781851739181320421040215129",
"265875468282026093727255952513226828390",
"209102383531827590460847278479814323049",
"182316408652740175600242013118786370975",
"278046553589849576516931702707368109910",
"86028493144529377736739411061103010241",
"171198369597291849209618054552954124173",
"284392829812720329494699497690181617287",
"67499473274737491505648515351428715217",
"30193726965232511532594495139232108022",
"3629729629047234585115427899292537922",
"134332525048136160939394749592903139764",
"81161717364690787297930105459746258508",
"269392733657291065880830972624127817653",
"225860176437471810647406136693567028001",
"39779913459784007126306716519928452895",
"188698201778610910063817353351759557092",
"14404776855260631664680515681637477491",
"99378878044714875427914106561257901152",
"173379735910542132840489802265438670201",
"32291026433108107253148568013595179081",
"200214202728817306323379053459123350635",
"22304483177027485545900769922129222663",
"311090135474545892769497642648526323381",
"12425037541972439151899000449509934257",
"6771664669985811192980285030486295375",
"164341568488217941451999977285098118399",
"248464425685485258248379522558043852515",
"223827585546454875134223437677823975099",
"303711474199398221697516750158549814845",
"188212213911419429505301025033209891240",
"284260655329569781144525243671321009799",
"81150106811507441343044557683340366814",
"167020543777571911603092342804119077123",
"69964463990909638200156974638889780755",
"247881134038911712807116126304545780534",
"183861919522288618511771048541520629292",
"27621150179471996960634266908173230329",
"181920715127620437739178262164188008540",
"126115122399690201426718650376584636359",
"182475809366116504409062933771655734081",
"280074662233799684560148110250837705963",
"138714835252680550953272158586528478128",
"330272039751844899701044824700770996435",
"17310609658228987385845136063127115882",
"58348755128184205719806981283760507634",
"303711474199398221697516750158549814845",
"188212213911419429505301025033209891240",
"284260655329569781144525243671321009799",
"81150106811507441343044557683340366814",
"167020543777571911603092342804119077123",
"69964463990909638200156974638889780755",
"136448609178206497140496561158490051959",
"129485178381517745178676049366629197845",
"40760792347920281043931772270927714148",
"62469226118349430158949424464958440100",
"89812713404785594966162343316855776670",
"324438994247380312015649271039653635107",
"269806947251368483827661079309776957454",
"247128680990419752453666972654738888597",
"142216477827848865708896225206597623550",
"129244676144747966278269234567221201472",
"143121362268867898787498719609851649249",
"292341732921394426624114066835744693036",
"256420741915177142533598164674056994623",
"44603911492258006105838587662161251544",
"169198212935284010246227494904470202506",
"101521285141261538414284793309757418264",
"142646645035670939983719684956039336393",
"103472734126665603748011102635443036665",
"33996475952153791004194958304445115269",
"129746748653360315789558498214966478067",
"258263505757579088334908426956793454642",
"92295668062533292458723089333790410935",
"150673452980281351467069455289685366304",
"298923929779462677482207645866514282481",
"260609637900324946451912009204555312925",
"77375614963883025703376678885873749516"
]
},
"target": {
"file": "base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java"
}
},
{
"id": "CVE-2021-20179-f3ef3436",
"source": "https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"46158336906357841741512425187361986031",
"190845056726524464162345985391662095895",
"65201681009416908667148910607291092551",
"63062489232850265668719462466355053669",
"222093830415502826019611763240493470585"
]
},
"target": {
"file": "base/common/src/com/netscape/certsrv/authentication/ISharedToken.java"
}
}
]