Candidate: CVE-2020-1721
PublicDate: 2021-04-30 12:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1721
 https://bugzilla.redhat.com/show_bug.cgi?id=1777579
Description:
 A flaw was found in the Key Recovery Authority (KRA) Agent Service in
 pki-core 10.10.5 where it did not properly sanitize the recovery ID during
 a key recovery request, enabling a reflected cross-site scripting (XSS)
 vulnerability. An attacker could trick an authenticated victim into
 executing specially crafted JavaScript code.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by: Pritam Singh
Assigned-to: pfsmorigo
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_dogtag-pki:
 upstream: https://github.com/dogtagpki/pki/pull/434/commits/73e84624891ab2018286e076d7c683b484bff4ff
upstream_dogtag-pki: released (10.9.0-a2)
precise/esm_dogtag-pki: DNE
trusty_dogtag-pki: ignored (out of standard support)
trusty/esm_dogtag-pki: DNE
xenial_dogtag-pki: ignored (end of standard support, was needs-triage)
bionic_dogtag-pki: needs-triage
eoan_dogtag-pki: ignored (reached end-of-life)
focal_dogtag-pki: needed
groovy_dogtag-pki: ignored (reached end-of-life)
hirsute_dogtag-pki: ignored (reached end-of-life)
impish_dogtag-pki: needs-triage
jammy_dogtag-pki: needs-triage
devel_dogtag-pki: needs-triage