Multiple security issues were found in FreeIPA's 'ca' plugin. Any authenticated but unauthorised user can delete, disable or enable CAs in Dogtag. The impact in the deletion case is denial of service for cert issuance or OCSP signing, and deletion of secret keys. The impact for disablement is denial of service for cert issuance.
master:
ipa-4-4:
Metadata Update from @jcholast: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1413137 - Custom field tester adjusted to wanted
Metadata Update from @jcholast: - Issue close_status updated to: fixed - Issue set to the milestone: FreeIPA 4.4.4 - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.