Vulnerabilities > Dogtagpki
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2022-4132 | Memory Leak vulnerability in multiple products A flaw was found in JSS. | 5.9 |
| 2022-02-16 | CVE-2021-3551 | Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. | 4.4 |
| 2021-05-28 | CVE-2020-25715 | Cross-site Scripting vulnerability in Dogtagpki 10.9.0 A flaw was found in pki-core 10.9.0. | 4.3 |
| 2021-04-30 | CVE-2020-1721 | Cross-site Scripting vulnerability in Dogtagpki 10.10.5 A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. | 4.3 |
| 2021-03-15 | CVE-2021-20179 | Incorrect Authorization vulnerability in multiple products A flaw was found in pki-core. | 8.1 |
| 2020-07-14 | CVE-2020-15720 | Improper Certificate Validation vulnerability in Dogtagpki In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. | 4.0 |
| 2020-03-31 | CVE-2019-10180 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. | 4.8 |
| 2020-03-20 | CVE-2020-1696 | Cross-site Scripting vulnerability in multiple products A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. | 5.4 |
| 2020-03-20 | CVE-2019-10221 | Cross-site Scripting vulnerability in multiple products A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. | 6.1 |
| 2020-03-20 | CVE-2019-10179 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. | 6.1 |