CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1832 – Improper authorization check in the server component
https://notcve.org/view.php?id=CVE-2023-1832
04 Oct 2023 — An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. Se encontró una falla de control de acceso inadecuado en Candlepin. Un atacante puede crear datos pertenecientes a otro customer/tenant, lo que puede provocar una pérdida de confidencialidad y disponibilidad para el customer/tenant afectado. • https://access.redhat.com/security/cve/CVE-2023-1832 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4142 – Satellite: Allow unintended SCA certificate to authenticate Candlepin
https://notcve.org/view.php?id=CVE-2021-4142
09 Mar 2022 — The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin. El componente Candlepin de Red Hat Satellite estaba afectado por un fallo de autenticación inapropiado. Algunos factores podían permitir a un atacante usar el certificado SCA (Simple Content Access) para la autenticación con Candlepin. Red Hat Satellite is a systems management tool for Linux-bas... • https://access.redhat.com/security/cve/CVE-2021-4142 • CWE-287: Improper Authentication CWE-639: Authorization Bypass Through User-Controlled Key •