Vulnerability Description
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Candlepinproject | Candlepin | >= 3.1.0, <= 3.1.28-2 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-4142 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2034346 (Issue Tracking, Vendor Advisory)
- https://github.com/candlepin/candlepin/pull/3197 (Patch, Third Party Advisory)
- https://github.com/candlepin/candlepin/pull/3198 (Third Party Advisory)
- https://github.com/candlepin/candlepin/pull/3199 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-4142?
CVE-2021-4142 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A few factors could allow an attacker to use the SCA (simple content access) certificate for authentication ...
How severe is CVE-2021-4142?
CVE-2021-4142 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-4142?
Check the references section above for vendor advisories and patch information. Affected products include: Candlepinproject Candlepin.