dogtagpki dogtagpki CVE-2021-20179 vulnerability in Dogtagpki and Other Products
Published on March 15, 2021

product logo product logo product logo
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2021-20179 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2021-20179

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-20179 are published in these products:

Dogtagpki
 
Red Hat Certificate System
 
Fedora Project Fedora
 
Red Hat Enterprise Linux (RHEL)
 

Exploit Probability

EPSS
0.29%
Percentile
52.12%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.