Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-10179

Published: 20 March 2020

A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.

Priority

Low

Cvss 3 Severity Score

6.1

Score breakdown

Status

Package Release Status
dogtag-pki
Launchpad, Ubuntu, Debian
groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

xenial Needs triage

jammy Not vulnerable

kinetic Not vulnerable

lunar Not vulnerable

bionic Needed

eoan Ignored
(end of life)
focal Needed

trusty Does not exist

upstream
Released (10.9.0-b3)
mantic Not vulnerable

Patches:
upstream: https://github.com/dogtagpki/pki/commit/8884b4344225bd6656876d9e2a58b3268e9a899b
upstream: https://github.com/dogtagpki/pki/pull/488/commits/90780440a2617fa87362e56319edff48505ba40d

Severity score breakdown

Parameter Value
Base score 6.1
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N