CVE-2023-4727

Published: Jun 11, 2024

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

Vendor	Product	Versions
Unknown	keycloak	affected `0 - < 11.5.1`
Red Hat	Red Hat Certificate System 10.4 EUS for RHEL-8	unaffected `8060020240529205458.07fb4edf - < *`
Red Hat	Red Hat Enterprise Linux 7	unaffected `0:10.5.18-32.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `8100020240614102443.82f485b7 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `8040020240329193548.17df0a3f - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	unaffected `8040020240329193548.17df0a3f - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	unaffected `8040020240329193548.17df0a3f - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `8060020240329182634.60523a7b - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `8060020240329182634.60523a7b - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `8060020240329182634.60523a7b - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `8080020240329143735.693a3987 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:11.5.0-2.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:11.0.6-3.el9_0 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:11.3.0-2.el9_2 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions