CVE-2012-6119

Published Apr 2, 2013

Last updated 12 years ago

Overview

Description: Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1D9F06-42FF-43F3-9227-F1524BB8838B",
            "versionEndIncluding": "0.7.2"
          },
          {
            "criteria": "cpe:2.3:a:candlepinproject:candlepin:0.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20B7A721-F0EC-4E44-A276-E849D06EA048"
          },
          {
            "criteria": "cpe:2.3:a:candlepinproject:candlepin:0.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ECDE2F9-B94F-4B8C-9D20-3A1C96729050"
          },
          {
            "criteria": "cpe:2.3:a:candlepinproject:candlepin:0.4.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F8F8633-9313-42D8-B309-D81DF467FE11"
          },
          {
            "criteria": "cpe:2.3:a:candlepinproject:candlepin:0.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A932DE3-11C2-4852-A803-73BB0DBDE22A"
          },
          {
            "criteria": "cpe:2.3:a:candlepinproject:candlepin:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3878FE4-235F-4902-ABCE-CFDBD2C32964"
          },
          {
            "criteria": "cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E20A0D71-54E5-4165-BE9F-5668B59622AB",
            "versionEndIncluding": "1.2.0"
          },
          {
            "criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1AEAC18-A40A-4F25-9C41-FD72F577292B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CB43793-470F-4C24-AC75-A2555CA68A70"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References