CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-6119

LOW
2.1
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile21.25th
Published2013年4月2日
Last Modified2026年4月29日

Vulnerability Description

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

Affected Platforms (CPE)

📦
Candlepinproject

Candlepin

<= 0.7.2
📦
Candlepinproject

Candlepin

= 0.4.5
📦
Candlepinproject

Candlepin

= 0.4.11
📦
Candlepinproject

Candlepin

= 0.4.27
📦
Candlepinproject

Candlepin

= 0.5.5
📦
Candlepinproject

Candlepin

= 0.6.3
📦
Redhat

Subscription Asset Manager

<= 1.2.0
📦
Redhat

Subscription Asset Manager

= 1.0.0
📦
Redhat

Subscription Asset Manager

= 1.1.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2013-0686.html
🔗 http://secunia.com/advisories/52774
🔗 http://www.osvdb.org/91719
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=908613
🔗 https://github.com/candlepin/candlepin/blob/master/candlepin.spec
🔗 https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c
🔗 http://rhn.redhat.com/errata/RHSA-2013-0686.html
🔗 http://secunia.com/advisories/52774

関連する脆弱性情報

CVE-2013-64399.3

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does...

CVE-2019-38917.8

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials ...

CVE-2015-51876.5

Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive ...

CVE-2021-41425.5

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker ...