CVE-2012-6119
Candlepin: Re-enable manifest signature checking
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-03-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.osvdb.org/91719 | Vdb Entry | |
https://github.com/candlepin/candlepin/blob/master/candlepin.spec | X_refsource_confirm | |
https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0686.html | 2013-04-03 | |
http://secunia.com/advisories/52774 | 2013-04-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=908613 | 2013-03-26 | |
https://access.redhat.com/security/cve/CVE-2012-6119 | 2013-03-26 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Candlepinproject | Candlepin | <= 0.7.2 | - | Affected |
Candlepinproject | Candlepin | 0.4.5 | - | Affected |
Candlepinproject | Candlepin | 0.4.11 | - | Affected |
Candlepinproject | Candlepin | 0.4.27 | - | Affected |
Candlepinproject | Candlepin | 0.5.5 | - | Affected |
Candlepinproject | Candlepin | 0.6.3 | - | Affected |
Redhat | Subscription Asset Manager | <= 1.2.0 | - | Affected |
Redhat | Subscription Asset Manager | 1.0.0 | - | Affected |
Redhat | Subscription Asset Manager | 1.1.0 | - | Affected |