
pki-core XML external entity (XXE) Bug (CVE-2022-2414)

Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.

About the Vulnerability (CVE-2022-2414)

A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Mitigation

There is no known mitigation for this issue. Please update the affected package as soon as possible.

| Platform | Package | State |
|---|---|---|
| Red Hat Certificate System 10 | pki-core | Affected |
| Red Hat Certificate System 9 | pki-core | Affected |
| Red Hat Enterprise Linux 6 | pki-core | Out of support scope |
| Red Hat Enterprise Linux 7 | pki-core | Fixed |
| Red Hat Enterprise Linux 8 | pki-core:10.6 | Fixed |
| Red Hat Enterprise Linux 9 | pki-core | Fixed |

Acknowledgment

The bugs have been discovered by Egor Dimitrenko (Positive Technologies).

Exploit Code

Yes, the exploit code is available. You can check the exploit here.


Written by SH
