CyberSec.Space Logo
Back to CVE Browser

CVE-2021-4142

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile23.81th
PublishedAug 24, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Affected Platforms (CPE)

πŸ“¦
Candlepinproject

Candlepin

>= 3.1.0 and <= 3.1.28-2
πŸ“¦
Candlepinproject

Candlepin

>= 3.2.0 and <= 3.2.21-1
πŸ“¦
Candlepinproject

Candlepin

>= 4.1.0 and <= 4.1.8-1

References & Advisories

πŸ”— https://access.redhat.com/security/cve/CVE-2021-4142
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=2034346
πŸ”— https://github.com/candlepin/candlepin/pull/3197
πŸ”— https://github.com/candlepin/candlepin/pull/3198
πŸ”— https://github.com/candlepin/candlepin/pull/3199
πŸ”— https://access.redhat.com/security/cve/CVE-2021-4142
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=2034346
πŸ”— https://github.com/candlepin/candlepin/pull/3197

Related Vulnerabilities

CVE-2013-64399.3

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does...

CVE-2019-38917.8

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials ...

CVE-2015-51876.5

Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive ...

CVE-2020-107104.4

A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-instal...