CVE-2023-4727

一、漏洞信息
 漏洞编号：[CVE-2023-4727](https://nvd.nist.gov/vuln/detail/CVE-2023-4727)
 漏洞归属组件：[pki-core](https://gitee.com/src-openeuler/pki-core)
 漏洞归属的版本：10.7.3,11.0.0
 CVSS V3.0分值：
  BaseScore：7.5 High
  Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
 漏洞简述：
  A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
 漏洞公开时间：2024-06-12 04:15:09
 漏洞创建时间：2024-06-12 12:58:40
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-4727
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4051 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4070 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4164 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4165 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4179 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4222 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4367 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4403 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:4413 |  |
| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2023-4727 |  |
| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |  |
| redhat_bugzilla | https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4051 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4164 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4165 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4179 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4222 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4367 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4403 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:4413 | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| ubuntu | https://www.cve.org/CVERecord?id=CVE-2023-4727 | https://ubuntu.com/security/CVE-2023-4727 |
| ubuntu | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 | https://ubuntu.com/security/CVE-2023-4727 |
| ubuntu | https://access.redhat.com/security/cve/CVE-2023-4727 | https://ubuntu.com/security/CVE-2023-4727 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2023-4727 | https://ubuntu.com/security/CVE-2023-4727 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2023-4727 | https://ubuntu.com/security/CVE-2023-4727 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2023-4727 | https://ubuntu.com/security/CVE-2023-4727 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2023-4727 |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2023-4727 |
| cve_search |  | https://access.redhat.com/security/cve/CVE-2023-4727 |
| cve_search |  | https://bugzilla.redhat.com/show_bug.cgi?id=2232218 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4051 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4070 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4164 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4165 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4179 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4222 |
| cve_search |  | https://access.redhat.com/errata/RHSA-2024:4367 |
| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2023-4727 | https://explore.alas.aws.amazon.com/CVE-2023-4727.html |
| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4727 | https://explore.alas.aws.amazon.com/CVE-2023-4727.html |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388 |  | redhat_bugzilla |
|  |  | https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720 |  | redhat_bugzilla |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
 openEuler评分：
  7.5
 Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.master(11.0.0):受影响
2.openEuler-20.03-LTS-SP4(10.7.3):受影响
3.openEuler-22.03-LTS-SP3(11.0.0):受影响
4.openEuler-22.03-LTS-SP4(11.0.0):受影响
5.openEuler-24.03-LTS(11.0.0):受影响
6.openEuler-24.03-LTS-Next(11.0.0):受影响
7.openEuler-24.03-LTS-SP1(11.0.0):不受影响
8.openEuler-24.03-LTS-SP2(11.0.0):

修复是否涉及abi变化(是/否)：
  1.master(11.0.0):否
2.openEuler-20.03-LTS-SP4(10.7.3):否
3.openEuler-22.03-LTS-SP3(11.0.0):否
4.openEuler-22.03-LTS-SP4(11.0.0):否
5.openEuler-24.03-LTS(11.0.0):否
6.openEuler-24.03-LTS-Next(11.0.0):否
7.openEuler-24.03-LTS-SP1(11.0.0):否
8.openEuler-24.03-LTS-SP2(11.0.0):

原因说明：
  1.master(11.0.0):正常修复
2.openEuler-22.03-LTS-SP3(11.0.0):正常修复
3.openEuler-22.03-LTS-SP4(11.0.0):正常修复
4.openEuler-24.03-LTS(11.0.0):正常修复
5.openEuler-24.03-LTS-Next(11.0.0):正常修复
6.openEuler-20.03-LTS-SP4(10.7.3):暂不修复-待升级版本修复
7.openEuler-24.03-LTS-SP1(11.0.0):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP2(11.0.0):

src-openEuler/pki-core

内容风险标识

评论 (13)

src-openEuler/pki-core .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-4727

评论 (13)

搜索帮助

src-openEuler/pki-core