CVE-2021-4142
Summary
| CVE | CVE-2021-4142 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-24 16:15:00 UTC |
| Updated | 2023-11-07 03:40:00 UTC |
| Description | The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [3.1] Disallow authN with SCA certificate by nikosmoum · Pull Request #3199 · candlepin/candlepin · GitHub | MISC | github.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| 2034346 – (CVE-2021-4142) CVE-2021-4142 Satellite: Allow unintended SCA certificate to authenticate Candlepin | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| [4.0] Disallow authN with SCA certificate by nikosmoum · Pull Request #3198 · candlepin/candlepin · GitHub | MISC | github.com | |
| [3.2] Disallow authN with SCA certificate by nikosmoum · Pull Request #3197 · candlepin/candlepin · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240123 Red Hat Update for Satellite 6.10 (RHSA-2022:0790)
- 240566 Red Hat Update for Satellite 6.11 Release (RHSA-2022:5498)
- 960505 Rocky Linux Security Update for Satellite (RLSA-2022:5498)