CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1832 – Improper authorization check in the server component
https://notcve.org/view.php?id=CVE-2023-1832
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. Se encontró una falla de control de acceso inadecuado en Candlepin. Un atacante puede crear datos pertenecientes a otro customer/tenant, lo que puede provocar una pérdida de confidencialidad y disponibilidad para el customer/tenant afectado. • https://access.redhat.com/security/cve/CVE-2023-1832 https://bugzilla.redhat.com/show_bug.cgi?id=2184364 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4142 – Satellite: Allow unintended SCA certificate to authenticate Candlepin
https://notcve.org/view.php?id=CVE-2021-4142
The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin. El componente Candlepin de Red Hat Satellite estaba afectado por un fallo de autenticación inapropiado. Algunos factores podían permitir a un atacante usar el certificado SCA (Simple Content Access) para la autenticación con Candlepin. • https://access.redhat.com/security/cve/CVE-2021-4142 https://bugzilla.redhat.com/show_bug.cgi?id=2034346 https://github.com/candlepin/candlepin/pull/3197 https://github.com/candlepin/candlepin/pull/3198 https://github.com/candlepin/candlepin/pull/3199 • CWE-287: Improper Authentication CWE-639: Authorization Bypass Through User-Controlled Key •