CVE-2020-28942

CVSS v3 Score: 4.3 (Medium)
CVSS v2 Score: 4.0 (Medium)

Vulnerability Description

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As part of EJBCA's domain security model, the peer connector allows the client certificates (of the RA, not of the end user) to be restricted to a limited set of allowed CAs, so that the RA can only exercise the rights it holds within a specific role. While this works for other protocols such as CMP, EJBCA's EST enrollment implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.

CVSS 4.3 (Medium): Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are ...

CVSS 4.3 (Medium): Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with ...

CVSS 4.3 (Medium): An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potential...

CVSS 4.3 (Medium): Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.

CVSS 4.3 (Medium): Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a...

CVSS 4.3 (Medium): IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.