CVE-2021-4142
CVE-2021-4142 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Candlepinproject | Candlepin | >= 3.1.0, <= 3.1.28-2 |
| Candlepinproject | Candlepin | >= 3.2.0, <= 3.2.21-1 |
| Candlepinproject | Candlepin | >= 4.1.0, <= 4.1.8-1 |
References
- https://access.redhat.com/security/cve/CVE-2021-4142 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2034346 (Issue Tracking, Vendor Advisory)
- https://github.com/candlepin/candlepin/pull/3197 (Patch, Third Party Advisory)
- https://github.com/candlepin/candlepin/pull/3198 (Third Party Advisory)
- https://github.com/candlepin/candlepin/pull/3199 (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
