Candidate: CVE-2021-20179
PublicDate: 2021-03-15 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20179
 https://bugzilla.redhat.com/show_bug.cgi?id=1914379
Description:
 A flaw was found in pki-core. An attacker who has successfully compromised
 a key could use this flaw to renew the corresponding certificate over and
 over again, as long as it is not explicitly revoked. The highest threat
 from this vulnerability is to data confidentiality and integrity.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: high
Discovered-by: Fraser Tweedale, Geetika Kapoor
Assigned-to: pfsmorigo
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N [8.1 HIGH]


Patches_dogtag-pki:
 upstream: https://github.com/dogtagpki/pki/pull/3474 (v10.11)
 upstream: https://github.com/dogtagpki/pki/pull/3475 (v10.10)
 upstream: https://github.com/dogtagpki/pki/pull/3476 (v10.9)
 upstream: https://github.com/dogtagpki/pki/pull/3477 (v10.8)
 upstream: https://github.com/dogtagpki/pki/pull/3478 (v10.5)
upstream_dogtag-pki: released (10.10.2-2)
precise/esm_dogtag-pki: DNE
trusty_dogtag-pki: ignored (out of standard support)
trusty/esm_dogtag-pki: DNE
xenial_dogtag-pki: not-affected (code not present)
bionic_dogtag-pki: needed
focal_dogtag-pki: needed
groovy_dogtag-pki: ignored (reached end-of-life)
hirsute_dogtag-pki: released (10.10.2-2)
impish_dogtag-pki: released (10.10.2-2)
jammy_dogtag-pki: released (10.10.2-2)
devel_dogtag-pki: released (10.10.2-2)