dogtag-pki@10.7.4.1 vulnerabilities

dogtag-pki is a Client library for Dogtag Certificate System

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.

Note: Fixed in 10.9.0

Upgrade dogtag-pki to version 11.2.1 or higher.

dogtag-pki is a Client library for Dogtag Certificate System

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.

There is no fixed version for dogtag-pki.

dogtag-pki is a Client library for Dogtag Certificate System

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases.

Note:This is fixed in 10.9.0-b1 which is not published on PyPi.

Upgrade dogtag-pki to version 11.2.1 or higher.