Code injection

2013-04-0222:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

CPENameOperatorVersion
candlepineq0.4.11
candlepineq0.6.3
candlepinle0.7.2
candlepineq0.4.27
candlepineq0.5.5
candlepineq0.4.5
subscription_asset_managereq1.1.0
subscription_asset_managereq1.0.0
subscription_asset_managerle1.2.0

Name	Operator	Version
candlepin	eq	0.4.11
candlepin	eq	0.6.3
candlepin	le	0.7.2
candlepin	eq	0.4.27
candlepin	eq	0.5.5
candlepin	eq	0.4.5
subscription_asset_manager	eq	1.1.0
subscription_asset_manager	eq	1.0.0
subscription_asset_manager	le	1.2.0