CVE-2021-4142

Summary

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Affected Software

VendorProductVersion RangeStatus
n/acandlepinAffects v3.1.28-2, v3.2.21-1, v4.1.8-1 and earlier are affected.affected

Weaknesses

  • CWE-639: CWE-639 - Authorization Bypass Through User-Controlled Key -> CWE-287 - Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References