Candidate: CVE-2021-3551
PublicDate: 2022-02-16 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3551
 https://bugzilla.redhat.com/show_bug.cgi?id=1959971
 https://rhn.redhat.com/errata/RHSA-2021-2235.html
Description:
 A flaw was found in the PKI-server, where the pkispawn command, when run
 in debug mode, stores admin credentials in the installation log file. This
 flaw allows a local attacker to retrieve the file to obtain the admin
 password and gain admin privileges to the Dogtag CA manager. The highest
 threat from this vulnerability is to confidentiality.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to: pfsmorigo
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_dogtag-pki:
 upstream: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
 upstream: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
 upstream: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
upstream_dogtag-pki: released (10.11.0-alpha2)
trusty_dogtag-pki: ignored (out of standard support)
trusty/esm_dogtag-pki: DNE
xenial_dogtag-pki: ignored (out of standard support)
bionic_dogtag-pki: needs-triage
focal_dogtag-pki: needs-triage
groovy_dogtag-pki: ignored (reached end-of-life)
hirsute_dogtag-pki: ignored (reached end-of-life)
impish_dogtag-pki: needs-triage
jammy_dogtag-pki: needs-triage
devel_dogtag-pki: needs-triage