Описание
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=908613Candlepin: Re-enable manifest signature checking
EPSS
Процентиль: 18%
0.00057
Низкий
4 Medium
CVSS2
Связанные уязвимости
nvd
почти 13 лет назад
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
debian
почти 13 лет назад
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...
github
больше 3 лет назад
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
EPSS
Процентиль: 18%
0.00057
Низкий
4 Medium
CVSS2