CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-4142

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile23.81th
Published2022年8月24日
Last Modified2024年11月21日

Vulnerability Description

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Affected Platforms (CPE)

📦
Candlepinproject

Candlepin

>= 3.1.0 and <= 3.1.28-2
📦
Candlepinproject

Candlepin

>= 3.2.0 and <= 3.2.21-1
📦
Candlepinproject

Candlepin

>= 4.1.0 and <= 4.1.8-1

References & Advisories

🔗 https://access.redhat.com/security/cve/CVE-2021-4142
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=2034346
🔗 https://github.com/candlepin/candlepin/pull/3197
🔗 https://github.com/candlepin/candlepin/pull/3198
🔗 https://github.com/candlepin/candlepin/pull/3199
🔗 https://access.redhat.com/security/cve/CVE-2021-4142
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=2034346
🔗 https://github.com/candlepin/candlepin/pull/3197

相关漏洞威胁

CVE-2013-64399.3

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does...

CVE-2019-38917.8

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials ...

CVE-2015-51876.5

Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive ...

CVE-2020-107104.4

A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-instal...