{"id":"CVE-2022-2414","details":"Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.","modified":"2026-05-18T05:55:43.332805854Z","published":"2022-07-29T18:58:57Z","related":["ALSA-2022:7326","ALSA-2022:7470"],"database_specific":{"cwe_ids":["CWE-611"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2414.json","cna_assigner":"redhat","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"Affected versions: 10.5.18, 10.7.4, 10.8.3, 10.11.2, 10.12.4, 11.0.5, 11.1.0"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2414.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2414"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/pull/4021"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dogtagpki/pki","events":[{"introduced":"0"},{"last_affected":"ba48744b071fa5aa0dc04886745710699ca24139"},{"last_affected":"4c98ff89cfaeb5e7f0bf1a48455cb725dc8602a9"},{"last_affected":"b55549ae53cd230b1177f0cd77243300a86dd332"},{"last_affected":"9ecbea99affda2b6256237a81be7fc6d954b3e52"},{"last_affected":"53047622d27827ba78e69ed33cd157b663f0a4e9"},{"last_affected":"44e8eb9642bcb602d915eed36a838f63cf35836a"},{"last_affected":"bb1c6169b29e3e8fd53f30dd703ddb906ba08ddf"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"10.5.18"},{"last_affected":"10.7.4"},{"last_affected":"10.8.3"},{"last_affected":"10.11.2"},{"last_affected":"10.12.4"},{"last_affected":"11.0.5"},{"last_affected":"11.1.0"}],"cpe":["cpe:2.3:a:dogtagpki:dogtagpki:10.5.18:*:*:*:*:*:*:*","cpe:2.3:a:dogtagpki:dogtagpki:10.7.4:*:*:*:*:*:*:*","cpe:2.3:a:dogtagpki:dogtagpki:10.8.3:*:*:*:*:*:*:*","cpe:2.3:a:dogtagpki:dogtagpki:10.11.2:*:*:*:*:*:*:*","cpe:2.3:a:dogtagpki:dogtagpki:10.12.4:*:*:*:*:*:*:*","cpe:2.3:a:dogtagpki:dogtagpki:11.0.5:*:*:*:*:*:*:*","cpe:2.3:a:dogtagpki:dogtagpki:11.1.0:*:*:*:*:*:*:*"]}}],"versions":["v11.0.5","v11.1.0","v11.0.3","v10.12.4","v11.0.2","v11.1.0-alpha2","v11.1.0-alpha1","v10.12.0","v11.0.0","v10.11.2","v11.0.0-beta1","v10.11.1","v10.11.0","v11.0.0-alpha1","v10.11.0-alpha3","v10.11.0-alpha2","v10.11.0-alpha1","v10.10.1","v10.10.0","v10.10.0-b1","v10.9.0","v10.9.0-b4","v10.9.0-b3","v10.9.0-b2","v10.9.0-b1","v10.9.0-a2","v10.9.0-a1","v10.5.18","v10.8.3","v10.8.2","v10.8.1","v10.8.0","v10.8.0-b3","v10.8.0-b2","v10.8.0-b1","v10.8.0-a2","v10.7.4","v10.8.0-a1","v10.7.3","v10.5.17","v10.7.2","v10.7.1","v10.7.0","v10.5.16","v10.6.9","v10.6.8","v10.6.7","v10.5.12","v10.6.6","v10.6.5","v10.5.11","v10.5.10","v10.6.4","v10.6.3","v10.5.9","v10.6.2","v10.5.8","v10.6.1","v10.6.0-rc","v10.6.0","v10.6.0-beta2","v10.5.7","v10.6.0-beta","v10.5.6","v10.5.5","v10.5.4","v10.5.3","v10.5.2","v10.5.1","DOGTAG_10_5_1_FEDORA_27","v10.5.0","DOGTAG_10_5_0_FEDORA_27","v10.4.8","DOGTAG_10_4_8_FEDORA_27","v10.4.7","DOGTAG_10_4_FEDORA_27_20170612","DOGTAG_10_4_FEDORA_27_20170605","v10.4.6","DOGTAG_10_4_FEDORA_27_20170530","v10.4.5","DOGTAG_10_4_FEDORA_27_20170522","v10.4.4","DOGTAG_10_4_FEDORA_27_20170509","v10.4.3","DOGTAG_10_4_FEDORA_27_20170501","v10.4.2","DOGTAG_10_4_FEDORA_27_20170413","v10.4.1","DOGTAG_10_4_FEDORA_27_20170331","v10.3.5","DOGTAG_10_3_5_FEDORA_24_20160808","v10.3.4","DOGTAG_10_3_4_FEDORA_24_20160705","v10.3.3","DOGTAG_10_3_3_FEDORA_24_20160620","v10.3.2","DOGTAG_10_3_2_FEDORA_24_20160607","v10.3.1","DOGTAG_10_3_1_FEDORA_24_20160517","v10.3.0","DOGTAG_10_3_0_FEDORA_24_20160516","DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418","DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407","DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307","DOGTAG_10_2_20150808","v10.2.6","DOGTAG_10_2_6_FEDORA_22_23_20150718","v10.2.5","DOGTAG_10_2_5_FEDORA_22_20150619","v10.2.4","DOGTAG_10_2_4_FEDORA_22_20150526","v10.2.3","DOGTAG_10_2_3_FEDORA_22_20150423","v10.2.2","DOGTAG_10_2_2_FEDORA_22_20150318","v10.2.1","DOGTAG_10_2_1_FEDORA_22_20150108","v10.2.0","pki-core-10.2.0-3","pki-core-10.2.1-0.1","DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909","v10.1.0","DOGTAG_10_1_0_GA_FEDORA_20_20131121","DOGTAG_10_1_0_BETA_FEDORA_20_20131111","DOGTAG_10_1_0_BETA_20131111","v10.0.2","DOGTAG_10_0_2_FEDORA_18_19_20130507","DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2414.json"}}],"schema_version":"1.7.5"}