The MITRE CVE dictionary describes this issue as:

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

Find out more about CVE-2013-6439 from the MITRE CVE dictionary and NIST NVD.

Base Score | 9 |
---|---|
Base Metrics | AV:N/AC:L/Au:N/C:C/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Partial |
Availability Impact | Partial |

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Platform | Errata | Release Date |
---|---|---|
Red Hat Subscription Asset Manager 1.3 (candlepin) | RHSA-2013:1863 | 2013-12-19 |

Platform | Package | State |
---|---|---|
Red Hat Satellite 6 | candlepin | Not affected |