What is CVE-2021-4142?

CVE-2021-4142 is a vulnerability in the Candlepin component of Red Hat Satellite that allows an attacker to use the SCA certificate for authentication.

How does CVE-2021-4142 affect Red Hat Satellite?

CVE-2021-4142 affects Red Hat Satellite by exposing an improper authentication flaw in the Candlepin component.

What factors could allow an attacker to exploit CVE-2021-4142?

An attacker could exploit CVE-2021-4142 by using the SCA certificate for authentication with Candlepin.

What is the severity of CVE-2021-4142?

CVE-2021-4142 has a severity rating of medium with a CVSS score of 5.5.

How can I fix CVE-2021-4142?

To fix CVE-2021-4142, it is recommended to update Red Hat Satellite to the latest version and apply any relevant patches.

Vulnerability/
CVE-2021-4142

medium

5.5

CWE

287 639

20/12/2021

24/8/2022

3/8/2024

CVE-2021-4142

First published: Mon Dec 20 2021(Updated: )

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Candlepinproject Candlepin	>=3.1.0<=3.1.28-2
Candlepinproject Candlepin	>=3.2.0<=3.2.21-1
Candlepinproject Candlepin	>=4.1.0<=4.1.8-1

Remedy

https://github.com/candlepin/candlepin/pull/3197

Remedy

https://github.com/candlepin/candlepin/pull/3199

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-4142?
CVE-2021-4142 is a vulnerability in the Candlepin component of Red Hat Satellite that allows an attacker to use the SCA certificate for authentication.
How does CVE-2021-4142 affect Red Hat Satellite?
CVE-2021-4142 affects Red Hat Satellite by exposing an improper authentication flaw in the Candlepin component.
What factors could allow an attacker to exploit CVE-2021-4142?
An attacker could exploit CVE-2021-4142 by using the SCA certificate for authentication with Candlepin.
What is the severity of CVE-2021-4142?
CVE-2021-4142 has a severity rating of medium with a CVSS score of 5.5.
How can I fix CVE-2021-4142?
To fix CVE-2021-4142, it is recommended to update Red Hat Satellite to the latest version and apply any relevant patches.

collector/nvd-index
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/remedy
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-4142
agent/references
agent/author
agent/severity
agent/type
agent/description
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/candlepinproject
canonical/candlepinproject candlepin
version/candlepinproject candlepin/3.1.0
version/candlepinproject candlepin/3.1.28-2
version/candlepinproject candlepin/3.2.0
version/candlepinproject candlepin/3.2.21-1
version/candlepinproject candlepin/4.1.0
version/candlepinproject candlepin/4.1.8-1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.