CVE Vulnerability

CVE-2021-4142

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/candlepin/candlepin/pull/3199 Patch Third Party Advisory
https://github.com/candlepin/candlepin/pull/3198 Third Party Advisory
https://github.com/candlepin/candlepin/pull/3197 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2034346 Issue Tracking Vendor Advisory
https://access.redhat.com/security/cve/CVE-2021-4142 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*
cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*
Information

Published : 2022-08-24 04:15

Updated : 2023-02-12 11:43

NVD link : CVE-2021-4142

Mitre link : CVE-2021-4142

Products Affected
No products.
CWE
CWE-287

CWE-639