CVE-2012-6119
CVE
Medium

CVSS: 4.0 (Medium)
EPSS: 0.00 (p33)
Published: 2012-01-01
Updated: 2012-01-01
Description

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

Tags · CWE
CWE-264
Affected products
Candlepin ≤ 0.7.2 (Candlepin)
Subscription_asset_manager ≤ 1.2.0 (Subscription_asset_manager)
CVSS vector
AV:N/AC:L/Au:S/C:N/I:P/A:N
Timeline
Published: 2012-01-01
Updated: 2012-01-01
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Authentication (Au): Single
Confidentiality Impact (C): None (N)
Integrity Impact (I): Partial
Availability Impact (A): None (N)
Exploit indicators
EPSS: 0.004 · p33
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
candlepin | | Tracked
katello | | Tracked
katello-configure | | Tracked
rubygem-actionpack | | Tracked
rubygem-activemodel | | Tracked
rubygem-delayed_job | | Tracked
rubygem-json | | Tracked
rubygem-nokogiri | | Tracked
rubygem-rack | | Tracked
rubygem-rails_warden | | Tracked
rubygem-rdoc | | Tracked
thumbslug | | Tracked
candlepin* | | Tracked
subscription_asset_manager* | | Tracked
Source databases
CVE
RED