CVE-2012-6119

CWE-2645 documents5 sources

Severity

2.1LOW

EPSS

0.1%

top 82.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Candlepinproject Candlepin Redhat Subscription Asset Manager

Timeline

PublishedApr 2

Latest updateMay 17

Description

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/subscription_asset_manager1.2.0+2

▶NVDcandlepinproject/candlepin0.7.2+5

🔴Vulnerability Details

GHSA

GHSA-jffh-2rxm-9wjg: Candlepin before 0↗2022-05-17

▶

CVEList

CVE-2012-6119: Candlepin before 0↗2013-04-02

▶

📋Vendor Advisories

Red Hat

Candlepin: Re-enable manifest signature checking↗2012-06-27

▶

💬Community

Bugzilla

CVE-2012-6119 Candlepin: Re-enable manifest signature checking↗2013-02-07

▶