CVE-2025-26787 (CNNVD-202512-3958)
中文标题:
Keyfactor SignServer 安全漏洞
英文标题:
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior ...
漏洞描述
中文描述:
Keyfactor SignServer是美国Keyfactor公司的一个数字签名引擎。 Keyfactor SignServer 7.2之前版本存在安全漏洞,该漏洞源于容器启动逻辑错误,可能导致重置配置为allowany。
英文描述:
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certificate to connect. Admins can then set more restricted access to specific certificates. A logic error caused this admin CLI command to be run on each restart of the container instead of only the first startup as intended resetting the configuration to "allowany".
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| keyfactor | signserver | * | - | - |
cpe:2.3:a:keyfactor:signserver:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-26787 |
2025-12-23 04:10:03 | 2026-01-12 02:11:26 |
| NVD | nvd_CVE-2025-26787 |
2026-01-06 03:00:09 | 2026-01-12 02:27:37 |
| CNNVD | cnnvd_CNNVD-202512-3958 |
2026-01-11 06:15:04 | 2026-01-12 02:38:04 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202512-3958
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']