CVE-2021-3551

Published: 16 February 2022

A flaw was found in the PKI-server, where the pkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

Priority

Low

CVSS 3 Severity Score

7.8

Status

Package: dogtag-pki (Launchpad, Ubuntu, Debian)

Release Status
groovy Ignored (end of life)
xenial Needs triage
bionic Needs triage
focal Needs triage
jammy Needs triage
trusty Does not exist
upstream Released (10.11.0-alpha2)
impish Ignored (end of life)
hirsute Ignored (end of life)
kinetic Ignored (end of life, was needs-triage)
lunar Not vulnerable (11.0.3-4)
mantic Not vulnerable (11.0.3-4)

Patches:
upstream: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
upstream: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
upstream: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H