Candlepinproject

candlepinproject

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-1832 2Candlepinproject Redhat 2Candlepin Satellite Nov 21, 2024 Oct 4, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.
CVE-2021-4142 1Candlepinproject 1Candlepin Nov 21, 2024 Aug 24, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.
CVE-2015-5187 1Candlepinproject 1Candlepin May 13, 2026 Jul 25, 2017 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.
CVE-2012-6119 2Candlepinproject Redhat 2Candlepin Subscription Asset Manager Apr 29, 2026 Apr 2, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.