4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
rpm has insecure signature. The vulnerability exists due to an untrusted RPM or public key.
access.redhat.com/errata/RHSA-2022:0254
access.redhat.com/errata/RHSA-2022:0368
access.redhat.com/errata/RHSA-2022:0634
access.redhat.com/security/cve/CVE-2021-3521
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1941098
github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8
github.com/rpm-software-management/rpm/pull/1795/
security.gentoo.org/glsa/202210-22