Vulnerability Details CVE-2021-4142
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.6%
CVSS Severity
CVSS v3 Score 5.5
References
- https://access.redhat.com/security/cve/CVE-2021-4142
- https://bugzilla.redhat.com/show_bug.cgi?id=2034346
- https://github.com/candlepin/candlepin/pull/3197
- https://github.com/candlepin/candlepin/pull/3198
- https://github.com/candlepin/candlepin/pull/3199
- https://access.redhat.com/security/cve/CVE-2021-4142
- https://bugzilla.redhat.com/show_bug.cgi?id=2034346
- https://github.com/candlepin/candlepin/pull/3197
- https://github.com/candlepin/candlepin/pull/3198
- https://github.com/candlepin/candlepin/pull/3199
Products affected by CVE-2021-4142
-
cpe:2.3:a:candlepinproject:candlepin:3.1.0
-
cpe:2.3:a:candlepinproject:candlepin:3.1.0-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.1-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.10-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.11-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.12-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.13-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.14-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.15-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.16-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.17-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.18-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.19-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.2-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.20-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.21-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.22-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.23-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.24-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.25-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.26-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.28-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.28-2
-
cpe:2.3:a:candlepinproject:candlepin:3.1.3-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.4-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.5-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.6-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.7-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.8-1
-
cpe:2.3:a:candlepinproject:candlepin:3.1.9-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.0
-
cpe:2.3:a:candlepinproject:candlepin:3.2.0-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.1-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.10-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.11-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.12-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.13-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.14-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.15-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.16-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.17-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.18-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.19-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.2-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.20-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.21-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.3-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.4-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.5-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.6-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.7-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.8-1
-
cpe:2.3:a:candlepinproject:candlepin:3.2.9-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.0
-
cpe:2.3:a:candlepinproject:candlepin:4.1.0-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.1-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.2-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.3-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.4-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.5-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.6-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.7-1
-
cpe:2.3:a:candlepinproject:candlepin:4.1.8-1