CVE-2022-2414

HIGH EXPLOITED NUCLEI

Dogtagpki - XXE

Title source: rule

Description

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Exploits (5)

nomisec WORKING POC 10 stars

by amitlttwo · infoleak

https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by geniuszly · infoleak

https://github.com/geniuszly/CVE-2022-2414

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by superhac · poc

https://github.com/superhac/CVE-2022-2414-POC

View Code ZIP pw:eip

nomisec WORKING POC

by satyasai1460 · infoleak

https://github.com/satyasai1460/CVE-2022-2414

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/geniuszlyy/cve-2022-2414

View Code ZIP pw:eip

Nuclei Templates (1)

FreeIPA - XML Entity Injection

HIGHVERIFIEDby DhiyaneshDk

Shodan: title:"Identity Management" html:"FreeIPA" || http.title:"identity management" html:"freeipa"

FOFA: title="Identity Management" || title="identity management" || title="identity management" html:"freeipa"

References (1)

[Issue Tracking, Patch, Third Party Advisory] https://github.com/dogtagpki/pki/pull/4021

Scores

CVSS v3 7.5

EPSS 0.9069

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-15

CWE

CWE-611

Status published

Products (7)

dogtagpki/dogtagpki 10.5.18

dogtagpki/dogtagpki 10.7.4

dogtagpki/dogtagpki 10.8.3

dogtagpki/dogtagpki 10.11.2

dogtagpki/dogtagpki 10.12.4

dogtagpki/dogtagpki 11.0.5

dogtagpki/dogtagpki 11.1.0

Published Jul 29, 2022

Tracked Since Feb 18, 2026