CVE-2023-1832
First published: Tue Apr 04 2023(Updated: )
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Candlepinproject Candlepin | <4.3.7-3 | |
| Redhat Satellite | =6.0 | |
| redhat/candlepin-4.3.7 | <3 | 3 |
| redhat/candlepin-4.3.8 | <1 | 1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-1832?
CVE-2023-1832 is an improper access control flaw found in Candlepin that can result in loss of confidentiality and availability for the affected customer.
How does CVE-2023-1832 affect Candlepin?
CVE-2023-1832 affects Candlepin by allowing an attacker to create data scoped under another customer/tenant, compromising confidentiality and availability.
What is the severity of CVE-2023-1832?
The severity of CVE-2023-1832 is high, with a CVSS score of 8.1.
Which versions of Candlepin are affected by CVE-2023-1832?
Candlepin versions 4.3.7 (up to exclusive 3) and 4.3.8 (up to exclusive 1) are affected by CVE-2023-1832.
How can I fix CVE-2023-1832?
To fix CVE-2023-1832, upgrade to Candlepin version 4.3.7 (exclusive 3) or 4.3.8 (exclusive 1).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2023-1832
- vendor/candlepinproject
- canonical/candlepinproject candlepin
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/6.0
- package-manager/redhat