UBUNTU-CVE-2021-20179

Source
https://ubuntu.com/security/CVE-2021-20179
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-20179.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-20179
Related
Published
2021-03-15T13:15:00Z
Modified
2024-12-10T16:34:52Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Ubuntu:Pro:18.04:LTS / dogtag-pki

Package

Name
dogtag-pki
Purl
pkg:deb/ubuntu/dogtag-pki?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.3.5+12-4ubuntu1
10.3.5+12-5
10.5.3-3
10.5.3-4
10.5.5-1
10.6.0~beta2-3
10.6.0-1ubuntu1
10.6.0-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "high"
}

Ubuntu:20.04:LTS / dogtag-pki

Package

Name
dogtag-pki
Purl
pkg:deb/ubuntu/dogtag-pki?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.7.3-4
10.8.3-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "high"
}