Severity
5.5 MEDIUM
EPSS
0.1%
top 69.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 24
Latest update: Aug 25

Description

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: candlepinproject/candlepin | 3.1.0 | 3.1.28-2 | +2
CVEListV5: candlepin | v3.1.28-2, v3.2.21-1, v4.1.8-1 and earlier are affected.

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-qjqc-gw55-mpmx: The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw (2022-08-25)
CVEList: CVE-2021-4142: The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw (2022-08-24)

📋 Vendor Advisories (2)

Red Hat: Satellite: Allow unintended SCA certificate to authenticate Candlepin (2022-01-17)
Microsoft: Microsoft Office Graphics Remote Code Execution Vulnerability (2021-09-14)