CNNVD-202512-3280 Information

CNNVD ID

CNNVD-202512-3280

CVE-2025-44005

  • CNNVD Published: 2025-12-17

Description (Chinese)

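Smallstep step-ca is an online certificate authority from Smallstep, a US company, for secure, automated certificate management for DevOps. Smallstep step-ca contains a security vulnerability that stems from an authorization check being bypassed, which may allow certificates to be created before the protocol's authorization checks are completed.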

Description (English)

Smallstep step-ca is an online certificate authority for secure, automated certificate management for DevOps, developed by Smallstep, a US company. A vulnerability in Smallstep step-ca stems from a bypass of authorization checks, which may result in certificates being created without completing the protocol-mandated checks.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Smallstep

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2242

Patch

https://github.com/smallstep/certificates/releases
