Vulnerability Details CVE-2012-6119
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.2%
CVSS Severity
CVSS v2 Score 2.1
References
- http://rhn.redhat.com/errata/RHSA-2013-0686.html
- http://secunia.com/advisories/52774
- http://www.osvdb.org/91719
- https://bugzilla.redhat.com/show_bug.cgi?id=908613
- https://github.com/candlepin/candlepin/blob/master/candlepin.spec
- https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c
- http://rhn.redhat.com/errata/RHSA-2013-0686.html
- http://secunia.com/advisories/52774
- http://www.osvdb.org/91719
- https://bugzilla.redhat.com/show_bug.cgi?id=908613
- https://github.com/candlepin/candlepin/blob/master/candlepin.spec
- https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c
Products affected by CVE-2012-6119
-
cpe:2.3:a:candlepinproject:candlepin:-
-
cpe:2.3:a:candlepinproject:candlepin:0.0.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.10-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.11-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.12-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.13-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.14-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.15-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.16-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.17-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.18-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.19-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.21-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.22-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.23-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.24-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.25-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.26-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.27-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.28-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.29-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.30-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.31-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.32-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.33-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.34-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.35-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.36-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.37-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.38-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.39-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.40-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.41-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.42-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.43-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.8-1
-
cpe:2.3:a:candlepinproject:candlepin:0.0.9-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.10-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.11-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.12-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.13-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.14-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.15-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.16-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.17-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.18-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.19-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.20-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.21-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.22-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.23-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.24-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.25-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.26-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.27-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.28-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.29-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.30-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.31-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.32-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.33-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.34-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.35-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.36-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.37-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.38-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.8-1
-
cpe:2.3:a:candlepinproject:candlepin:0.1.9-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.10-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.11-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.12-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.13-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.14-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.15-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.16-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.17-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.18-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.8-1
-
cpe:2.3:a:candlepinproject:candlepin:0.2.9-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.10-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.11-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.12-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.13-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.14-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.15-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.8-1
-
cpe:2.3:a:candlepinproject:candlepin:0.3.9-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.10-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.11
-
cpe:2.3:a:candlepinproject:candlepin:0.4.11-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.12-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.13-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.14-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.15-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.16-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.17-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.18-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.19-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.20-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.21-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.22-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.23-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.24-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.25-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.26-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.27
-
cpe:2.3:a:candlepinproject:candlepin:0.4.27-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.5
-
cpe:2.3:a:candlepinproject:candlepin:0.4.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.8-1
-
cpe:2.3:a:candlepinproject:candlepin:0.4.9-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.10-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.11-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.12-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.13-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.14-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.15-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.16-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.17-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.18-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.19-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.20-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.21-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.22-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.23-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.24-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.25-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.26-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.26.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.26.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.26.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.27-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.28-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.29-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.30-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.31-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.32-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.33-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.34-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.35-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.5
-
cpe:2.3:a:candlepinproject:candlepin:0.5.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.5.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.8-1
-
cpe:2.3:a:candlepinproject:candlepin:0.5.9-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.2-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.3
-
cpe:2.3:a:candlepinproject:candlepin:0.6.3-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.4-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.5-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.6-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.7-1
-
cpe:2.3:a:candlepinproject:candlepin:0.6.7.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.7.1-1
-
cpe:2.3:a:candlepinproject:candlepin:0.7.2
-
cpe:2.3:a:redhat:subscription_asset_manager:-
-
cpe:2.3:a:redhat:subscription_asset_manager:1.0.0
-
cpe:2.3:a:redhat:subscription_asset_manager:1.1.0
-
cpe:2.3:a:redhat:subscription_asset_manager:1.2.0