  1. Hybrid Cloud Console
  2. RHCLOUD-44093

CVE-2025-44005 ocp-advisor-frontend: github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [services-ccx-default]

    • insights-advisor-tasks
    • CVEORG
    • CVE-2025-44005
    • 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
    • CWE-287
    • ocp-advisor-frontend
    • github.com/smallstep/certificates
    • Critical

      ** Note that this is a public ticket, please refrain from adding any sensitive data. **

      Security Tracking Issue

      Do not make this issue public.

      Flaw:


      github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation

      An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.

      ~~~

      The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
      https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams

      Tracker accuracy feedback form: https://docs.google.com/forms/d/e/1FAIpQLSfa6zTaEGohRdiIqGVAvWTSAL0kpO_DkkEICuIHzQHFwmKswg/viewform

              Unassigned Unassigned
              rhn-support-saroy Sandipan Roy
              Kent Aycoth