{"api_version":"1","generated_at":"2026-04-23T01:32:27+00:00","cve":"CVE-2021-20179","urls":{"html":"https://cve.report/CVE-2021-20179","api":"https://cve.report/api/cve/CVE-2021-20179.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20179","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20179"},"summary":{"title":"CVE-2021-20179","description":"A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-03-15 13:15:00","updated_at":"2023-11-07 03:28:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"https://github.com/dogtagpki/pki/pull/3478","name":"https://github.com/dogtagpki/pki/pull/3478","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"CVE-2021-20179: Fix renewal profile approval process - v10.5 by cipherboy · Pull Request #3478 · dogtagpki/pki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/","name":"FEDORA-2021-6c412a4601","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: pki-core-10.10.5-5.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/dogtagpki/pki/pull/3474","name":"https://github.com/dogtagpki/pki/pull/3474","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"CVE-2021-20179: Fix renewal profile approval process - v10.11 by cipherboy · Pull Request #3474 · dogtagpki/pki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/","name":"FEDORA-2021-344dd24c84","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: pki-core-10.10.5-5.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/dogtagpki/pki/pull/3475","name":"https://github.com/dogtagpki/pki/pull/3475","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"CVE-2021-20179: Fix renewal profile approval process - v10.10 by cipherboy · Pull Request #3475 · dogtagpki/pki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/dogtagpki/pki/pull/3476","name":"https://github.com/dogtagpki/pki/pull/3476","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"CVE-2021-20179: Fix renewal profile approval process - v10.9 by cipherboy · Pull Request #3476 · dogtagpki/pki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/","name":"FEDORA-2021-344dd24c84","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: pki-core-10.10.5-5.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/dogtagpki/pki/pull/3477","name":"https://github.com/dogtagpki/pki/pull/3477","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"CVE-2021-20179: Fix renewal profile approval process - v10.8 by cipherboy · Pull Request #3477 · dogtagpki/pki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/","name":"FEDORA-2021-c0d6637ca5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: dogtag-pki-10.10.5-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/","name":"FEDORA-2021-6c412a4601","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: pki-core-10.10.5-5.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914379","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1914379","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1914379 – (CVE-2021-20179) CVE-2021-20179 pki-core: Unprivileged users can renew any certificate","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/","name":"FEDORA-2021-c0d6637ca5","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: dogtag-pki-10.10.5-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20179","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20179","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dogtagpki","cpe5":"dogtagpki","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"certificate_system","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20179","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-20179","qid":"159122","title":"Oracle Enterprise Linux Security Update for pki-core:10.6 (ELSA-2021-0966)"},{"cve":"CVE-2021-20179","qid":"179649","title":"Debian Security Update for dogtag-pki (CVE-2021-20179)"},{"cve":"CVE-2021-20179","qid":"239176","title":"Red Hat Update for pki-core (RHSA-2021:0851)"},{"cve":"CVE-2021-20179","qid":"239195","title":"Red Hat Update for pki-core (RHSA-2021:0975)"},{"cve":"CVE-2021-20179","qid":"239196","title":"Red Hat Update for pki-core:10.6 (RHSA-2021:0966)"},{"cve":"CVE-2021-20179","qid":"239239","title":"Red Hat Update for pki-core:10.6 (RHSA-2021:1263)"},{"cve":"CVE-2021-20179","qid":"257068","title":"CentOS Security Update for pki-core (CESA-2021:0851)"},{"cve":"CVE-2021-20179","qid":"281480","title":"Fedora Security Update for pki (FEDORA-2021-344dd24c84)"},{"cve":"CVE-2021-20179","qid":"281481","title":"Fedora Security Update for pki (FEDORA-2021-6c412a4601)"},{"cve":"CVE-2021-20179","qid":"281505","title":"Fedora Security Update for dogtag (FEDORA-2021-c0d6637ca5)"},{"cve":"CVE-2021-20179","qid":"352268","title":"Amazon Linux Security Advisory for pki-core: ALAS2-2021-1630"},{"cve":"CVE-2021-20179","qid":"376912","title":"Alibaba Cloud Linux Security Update for pki-core (ALINUX2-SA-2021:0014)"},{"cve":"CVE-2021-20179","qid":"376921","title":"Alibaba Cloud Linux Security Update for pki-core:10.6 (ALINUX3-SA-2021:0020)"},{"cve":"CVE-2021-20179","qid":"670245","title":"EulerOS Security Update for pki-core (EulerOS-SA-2021-1831)"},{"cve":"CVE-2021-20179","qid":"670314","title":"EulerOS Security Update for pki-core (EulerOS-SA-2021-1910)"},{"cve":"CVE-2021-20179","qid":"670339","title":"EulerOS Security Update for pki-core (EulerOS-SA-2021-1885)"},{"cve":"CVE-2021-20179","qid":"670869","title":"EulerOS Security Update for pki-core (EulerOS-SA-2021-1910)"},{"cve":"CVE-2021-20179","qid":"940140","title":"AlmaLinux Security Update for pki-core:10.6 (ALSA-2021:0966)"},{"cve":"CVE-2021-20179","qid":"960719","title":"Rocky Linux Security Update for pki-core:10.6 (RLSA-2021:0966)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20179","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"pki-core","version":{"version_data":[{"version_value":"pki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-863"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1914379","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914379"},{"refsource":"MISC","name":"https://github.com/dogtagpki/pki/pull/3478","url":"https://github.com/dogtagpki/pki/pull/3478"},{"refsource":"MISC","name":"https://github.com/dogtagpki/pki/pull/3477","url":"https://github.com/dogtagpki/pki/pull/3477"},{"refsource":"MISC","name":"https://github.com/dogtagpki/pki/pull/3476","url":"https://github.com/dogtagpki/pki/pull/3476"},{"refsource":"MISC","name":"https://github.com/dogtagpki/pki/pull/3475","url":"https://github.com/dogtagpki/pki/pull/3475"},{"refsource":"MISC","name":"https://github.com/dogtagpki/pki/pull/3474","url":"https://github.com/dogtagpki/pki/pull/3474"},{"refsource":"FEDORA","name":"FEDORA-2021-c0d6637ca5","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/"},{"refsource":"FEDORA","name":"FEDORA-2021-344dd24c84","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/"},{"refsource":"FEDORA","name":"FEDORA-2021-6c412a4601","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity."}]}},"nvd":{"publishedDate":"2021-03-15 13:15:00","lastModifiedDate":"2023-11-07 03:28:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.1","versionEndExcluding":"10.8.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*","versionEndExcluding":"10.5.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*","versionStartIncluding":"10.10.1","versionEndExcluding":"10.11.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*","versionStartIncluding":"10.9.1","versionEndExcluding":"10.10.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*","versionStartIncluding":"10.8.1","versionEndExcluding":"10.9.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20179","Ordinal":"194220","Title":"CVE-2021-20179","CVE":"CVE-2021-20179","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20179","Ordinal":"1","NoteData":"A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20179","Ordinal":"2","NoteData":"2021-03-15","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20179","Ordinal":"3","NoteData":"2021-03-19","Type":"Other","Title":"Modified"}]}}}