CVE-2022-2393
MEDIUM
pki-core - Authenticated User Impersonation via Directory-Based Authentication
Title source: llm
Description
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
References (1)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2101046
Scores
CVSS v3
5.7
EPSS
0.0007
EPSS Percentile
21.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-285
Status
published
Products (7)
pki-core_project/pki-core
< 10.12.4
redhat/certificate_system
9.0
redhat/certificate_system
10.0
redhat/enterprise_linux
6.0
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
Published
Jul 14, 2022
Tracked Since
Feb 18, 2026