CVE-2021-4142
PUBLISHED
CVSS 5.5 MEDIUM
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A few factors could allow an attacker to use the SCA (Simple Content Access) certificate to authenticate with Candlepin.
EPSS 0.12% · 30.3th percentile
Risk Scores
- CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.12% (30.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| candlepinproject | candlepin | 3.1.0, 3.2.0, 4.1.0 |
| n/a | candlepin | v3.1.28-2, v3.2.21-1, v4.1.8-1 and earlier are affected. |
Timeline
- Aug 24, 2022 CVE Published
- Aug 25, 2022 EPSS Score
- Oct 10, 2022 EPSS Score
- Nov 24, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 10, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 25, 2023 EPSS Score
- Oct 9, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2034346
- https://access.redhat.com/security/cve/CVE-2021-4142
- https://github.com/candlepin/candlepin/pull/3199
- https://github.com/candlepin/candlepin/pull/3197
- https://github.com/candlepin/candlepin/pull/3198
- https://nvd.nist.gov/vuln/detail/CVE-2021-4142 (advisory)
- https://access.redhat.com/errata/RHSA-2022:0790
- https://access.redhat.com/errata/RHSA-2022:5498