DEBIAN-CVE-2021-20179

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-20179

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-20179.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-20179

Upstream

CVE-2021-20179

Published

2021-03-15T13:15:14Z

Modified

2025-09-30T03:54:32Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

References

https://security-tracker.debian.org/tracker/CVE-2021-20179

Affected packages

Debian:11 / dogtag-pki

Package

Name: dogtag-pki
Purl: pkg:deb/debian/dogtag-pki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.10.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}