{"id":"USN-7146-1","summary":"dogtag-pki vulnerabilities","details":"Christina Fu discovered that Dogtag PKI accidentally enabled a mock\nauthentication plugin by default. An attacker could potentially use\nthis flaw to bypass the regular authentication process and trick the\nCA server into issuing certificates. This issue only affected Ubuntu\n16.04 LTS. (CVE-2017-7537)\n\nIt was discovered that Dogtag PKI did not properly sanitize user\ninput. An attacker could possibly use this issue to perform cross site\nscripting and obtain sensitive information. This issue only affected\nUbuntu 22.04 LTS. (CVE-2020-25715)\n\nIt was discovered that the XML parser did not properly handle entity\nexpansion. A remote attacker could potentially retrieve the content of\narbitrary files by sending specially crafted HTTP requests. This issue\nonly affected Ubuntu 16.04 LTS. (CVE-2022-2414)\n","modified":"2026-02-10T04:45:56Z","published":"2024-12-10T08:54:16Z","related":["UBUNTU-CVE-2017-7537","UBUNTU-CVE-2020-25715","UBUNTU-CVE-2022-2414"],"upstream":["CVE-2017-7537","CVE-2020-25715","CVE-2022-2414","UBUNTU-CVE-2017-7537","UBUNTU-CVE-2020-25715","UBUNTU-CVE-2022-2414"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7146-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7537"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25715"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-2414"}],"affected":[{"package":{"name":"dogtag-pki","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/dogtag-pki@10.2.6+git20160317-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.2.6+git20160317-1ubuntu0.1~esm1"}]}],"versions":["10.2.6-1","10.2.6-2","10.2.6-3","10.2.6+git20160317-1"],"ecosystem_specific":{"binaries":[{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"dogtag-pki"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1"
,"binary_name":"dogtag-pki-console-theme"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"dogtag-pki-server-theme"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"libsymkey-java"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"libsymkey-jni"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-base"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-ca"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-console"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-javadoc"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-kra"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-ocsp"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-server"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-tks"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-tools"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-tps"},{"binary_version":"10.2.6+git20160317-1ubuntu0.1~esm1","binary_name":"pki-tps-client"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},
"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7537"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25715"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},
{"package":{"name":"dogtag-pki","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/dogtag-pki@11.0.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.0-1ubuntu0.1~esm1"}]}],"versions":["10.10.2-3build1","11.0.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"dogtag-pki"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"dogtag-pki-console-theme"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"dogtag-pki-server-theme"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"libsymkey-java"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"libsymkey-jni"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-base"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-base-java"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-ca"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-console"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-javadoc"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-kra"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-ocsp"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-server"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-tks"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-tools"},
{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-tps"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"pki-tps-client"},{"binary_version":"11.0.0-1ubuntu0.1~esm1","binary_name":"python3-pki-base"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7146-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-2414"}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.3"}