Candidate: CVE-2018-1080
PublicDate: 2018-07-03 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1080
 https://bugzilla.redhat.com/show_bug.cgi?id=1556657
 https://pagure.io/freeipa/issue/7453
Description:
 Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java
 that, under certain configurations, causes the application of ACL allow and
 deny rules to be reversed. If a server is configured to process allow rules
 before deny rules (authz.evaluateOrder=allow,deny), then allow rules will
 deny access and deny rules will grant access. This may result in an
 escalation of privileges or have other unintended consequences.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_dogtag-pki:
 upstream: https://github.com/dogtagpki/pki/commit/b54975f4cac60e2f4332b08414f1b5ea4de62601
upstream_dogtag-pki: released (10.6.1)
precise/esm_dogtag-pki: DNE
trusty_dogtag-pki: DNE
trusty/esm_dogtag-pki: DNE
xenial_dogtag-pki: ignored (end of standard support, was needed)
artful_dogtag-pki: ignored (reached end-of-life)
bionic_dogtag-pki: not-affected (10.6.0-1ubuntu1)
cosmic_dogtag-pki: not-affected (10.6.6-2)
disco_dogtag-pki: DNE
eoan_dogtag-pki: not-affected (10.6.6-2)
focal_dogtag-pki: not-affected
groovy_dogtag-pki: not-affected
hirsute_dogtag-pki: not-affected
impish_dogtag-pki: not-affected
jammy_dogtag-pki: not-affected
devel_dogtag-pki: not-affected