Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-4142

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Published

2022-08-24T16:15:09.547

Last Modified

2024-11-21T06:36:59.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-639
Type: Secondary
CWE-287
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	candlepinproject	candlepin	≤ 3.1.28-2	Yes
Application	candlepinproject	candlepin	≤ 3.2.21-1	Yes
Application	candlepinproject	candlepin	≤ 4.1.8-1	Yes

References

https://access.redhat.com/security/cve/CVE-2021-4142 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2034346 Issue Tracking, Vendor Advisory ([email protected])
https://github.com/candlepin/candlepin/pull/3197 Patch, Third Party Advisory ([email protected])
https://github.com/candlepin/candlepin/pull/3198 Third Party Advisory ([email protected])
https://github.com/candlepin/candlepin/pull/3199 Patch, Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2021-4142 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2034346 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/candlepin/candlepin/pull/3197 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/candlepin/candlepin/pull/3198 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/candlepin/candlepin/pull/3199 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)