Upstream information
Description
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Liberty Linux 9 |
| Patchnames: RHSA-2024:4165 |
SUSE Timeline for this CVE
CVE page created: Tue Jun 11 18:00:18 2024CVE page last modified: Sat Jun 29 11:37:43 2024