{"api_version":"1","generated_at":"2026-04-23T04:34:35+00:00","cve":"CVE-2022-2393","urls":{"html":"https://cve.report/CVE-2022-2393","api":"https://cve.report/api/cve/CVE-2022-2393.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2393","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2393"},"summary":{"title":"CVE-2022-2393","description":"A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-07-14 15:15:00","updated_at":"2023-06-30 18:53:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2022:7077","name":"https://access.redhat.com/errata/RHSA-2022:7077","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101046","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2101046","refsource":"MISC","tags":[],"title":"2101046 – (CVE-2022-2393) CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2022:7086","name":"https://access.redhat.com/errata/RHSA-2022:7086","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2022-2393","name":"https://access.redhat.com/security/cve/CVE-2022-2393","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2393","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2393","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"10.12.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pki-core_project","cpe5":"pki-core","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"certificate_system","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"certificate_system","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2393","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-2393","qid":"160165","title":"Oracle Enterprise Linux Security Update for pki-core (ELSA-2022-7086)"},{"cve":"CVE-2022-2393","qid":"160617","title":"Oracle Enterprise Linux Security Update for pki-core (ELSA-2023-2293)"},{"cve":"CVE-2022-2393","qid":"240770","title":"Red Hat Update for pki-core (RHSA-2022:7086)"},{"cve":"CVE-2022-2393","qid":"241443","title":"Red Hat Update for pki-core security (RHSA-2023:2293)"},{"cve":"CVE-2022-2393","qid":"241564","title":"Red Hat Update for pki-core:10.6 (RHSA-2023:3394)"},{"cve":"CVE-2022-2393","qid":"356424","title":"Amazon Linux Security Advisory for pki-core : ALAS2-2023-2304"},{"cve":"CVE-2022-2393","qid":"377710","title":"Alibaba Cloud Linux Security Update for pki-core (ALINUX2-SA-2022:0047)"},{"cve":"CVE-2022-2393","qid":"941054","title":"AlmaLinux Security Update for pki-core (ALSA-2023:2293)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-2393","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285","cweId":"CWE-285"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"pki-core","version":{"version_data":[{"version_affected":"=","version_value":"pki-core versions 10.12.4 and prior are affected."}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101046","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2101046"}]}},"nvd":{"publishedDate":"2022-07-14 15:15:00","lastModifiedDate":"2023-06-30 18:53:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.1,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pki-core_project:pki-core:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:certificate_system:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}