pki-coreproject pki-core CVE-2022-2393 in Pki Coreproject and Red Hat Products
Published on July 14, 2022

product logo product logo
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2022-2393 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2022-2393

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-2393 are published in these products:

Pki Coreproject Pki Core
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Certificate System
 

Exploit Probability

EPSS
0.06%
Percentile
19.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.