CVE-2023-4727 HIGH

CVE-2023-4727: Ca: token authentication bypass vulnerability

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-305
Published June 11, 2024
Last update June 26, 2026

CVSS base score

7.5/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.

Key dates

Disclosure timeline

June 11, 2024 CVE published
June 26, 2026 Record updated