CyberSec.Space Logo
Back to CVE Browser

CVE-2012-6119

LOW
2.1
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile21.25th
PublishedApr 2, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

Affected Platforms (CPE)

πŸ“¦
Candlepinproject

Candlepin

<= 0.7.2
πŸ“¦
Candlepinproject

Candlepin

= 0.4.5
πŸ“¦
Candlepinproject

Candlepin

= 0.4.11
πŸ“¦
Candlepinproject

Candlepin

= 0.4.27
πŸ“¦
Candlepinproject

Candlepin

= 0.5.5
πŸ“¦
Candlepinproject

Candlepin

= 0.6.3
πŸ“¦
Redhat

Subscription Asset Manager

<= 1.2.0
πŸ“¦
Redhat

Subscription Asset Manager

= 1.0.0
πŸ“¦
Redhat

Subscription Asset Manager

= 1.1.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0686.html
πŸ”— http://secunia.com/advisories/52774
πŸ”— http://www.osvdb.org/91719
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=908613
πŸ”— https://github.com/candlepin/candlepin/blob/master/candlepin.spec
πŸ”— https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0686.html
πŸ”— http://secunia.com/advisories/52774

Related Vulnerabilities

CVE-2013-64399.3

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does...

CVE-2019-38917.8

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials ...

CVE-2015-51876.5

Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive ...

CVE-2021-41425.5

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker ...