NIXPKGS-2025-0019
published on 26 Sep 2025
by @Erethon Activity log
- Created automatic suggestion
- @Erethon accepted
- @Erethon published on GitHub
Ca: token authentication bypass vulnerability
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Affected products
keycloak
- <11.5.1
pki-core
- *
pki-core:10.6
- *
redhat-pki:10
- *
pki-core:10.6/pki-core
redhat-pki:10/pki-core
Matching in nixpkgs
pkgs.keycloak
Identity and access management for modern applications and services
-
nixos-25.05 -
- nixos-25.05-small 26.2.5
pkgs.terraform-providers.keycloak
None
-
nixos-25.05 -
- nixos-25.05-small 5.2.0
pkgs.python311Packages.python-keycloak
Provides access to the Keycloak API
pkgs.python312Packages.python-keycloak
Provides access to the Keycloak API
-
nixos-25.05 -
- nixos-25.05-small 4.0.0
Package maintainers
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>