CVE-2012-6119

EPSS 0.05%
Published 02.04.2013 22:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Candlepinproject ≫ Candlepin Version <= 0.7.2

Candlepinproject ≫ Candlepin Version0.4.5

Candlepinproject ≫ Candlepin Version0.4.11

Candlepinproject ≫ Candlepin Version0.4.27

Candlepinproject ≫ Candlepin Version0.5.5

Candlepinproject ≫ Candlepin Version0.6.3

Redhat ≫ Subscription Asset Manager Version <= 1.2.0

Redhat ≫ Subscription Asset Manager Version1.0.0

Redhat ≫ Subscription Asset Manager Version1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

http://rhn.redhat.com/errata/RHSA-2013-0686.html

Vendor Advisory

http://secunia.com/advisories/52774

Vendor Advisory

http://www.osvdb.org/91719

https://bugzilla.redhat.com/show_bug.cgi?id=908613

https://github.com/candlepin/candlepin/blob/master/candlepin.spec

https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c

https://nvd.nist.gov/vuln/detail/CVE-2012-6119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6119

EUVD