Candlepin prior to 0.7.24, as used in Red Hat Subscription Asset Manager prior to 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Vulnerable Product |
---|
candlepinproject candlepin 0.5.5 |
candlepinproject candlepin 0.4.27 |
candlepinproject candlepin 0.4.11 |
candlepinproject candlepin 0.4.5 |
redhat subscription asset manager 1.1.0 |
candlepinproject candlepin |
redhat subscription asset manager |
redhat subscription asset manager 1.0.0 |
candlepinproject candlepin 0.6.3 |