Home > Vulnerability Database > CVE-2021-4142

Mend.io Vulnerability Database

CVE-2021-4142

Date: August 24, 2022

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Language: Ruby

Severity Score

5.5

Related Resources (9)

Url: https://github.com/candlepin/candlepin/pull/3199

Url: https://access.redhat.com/errata/RHSA-2022:5498

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2034346

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4142

Url: https://access.redhat.com/security/cve/CVE-2021-4142

Url: https://github.com/candlepin/candlepin/pull/3198

Url: https://access.redhat.com/errata/RHSA-2022:0790

Url: https://github.com/candlepin/candlepin/pull/3197

Url: https://www.mend.io/vulnerability-database/CVE-2021-4142

Severity Score

5.5

Weakness Type (CWE)

Authentication Issues

CWE-287

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4142

Date: August 24, 2022

Language: Ruby

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?