Lucene search

PRIOn knowledge basePRION:CVE-2012-6119

HistoryApr 02, 2013 - 10:55 p.m.

Code injection

2013-04-0222:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

CPENameOperatorVersion
candlepineq0.4.11
candlepineq0.6.3
candlepinle0.7.2
candlepineq0.4.27
candlepineq0.5.5
candlepineq0.4.5
subscription_asset_managereq1.1.0
subscription_asset_managereq1.0.0
subscription_asset_managerle1.2.0

Name	Operator	Version
candlepin	eq	0.4.11
candlepin	eq	0.6.3
candlepin	le	0.7.2
candlepin	eq	0.4.27
candlepin	eq	0.5.5
candlepin	eq	0.4.5
subscription_asset_manager	eq	1.1.0
subscription_asset_manager	eq	1.0.0
subscription_asset_manager	le	1.2.0

References

rhn.redhat.com/errata/RHSA-2013-0686.html

secunia.com/advisories/52774

www.osvdb.org/91719

bugzilla.redhat.com/show_bug.cgi?id=908613

github.com/candlepin/candlepin/blob/master/candlepin.spec

github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2012-6119