REDHAT-BUG-2034346
First published: Mon Dec 20 2021(Updated: )
Red Hat Satellite was affected by an improper authentication in which few factors allow for someone to use the SCA (simple content access) certificate for authentication with Candlepin. The SCA certificates are purposed only for authorizing content access against the CDN (or Pulp in case of Satellite).
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Satellite with Embedded Oracle |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2034346?
The severity of REDHAT-BUG-2034346 is classified as important, indicating a significant risk requiring prompt attention.
How do I fix REDHAT-BUG-2034346?
To fix REDHAT-BUG-2034346, it is recommended to apply the latest updates or patches provided by Red Hat for Satellite.
What is the impact of REDHAT-BUG-2034346?
The impact of REDHAT-BUG-2034346 includes unauthorized access that leverages improper authentication via SCA certificates.
Who is affected by REDHAT-BUG-2034346?
Organizations using Red Hat Satellite with Embedded Oracle that utilize SCA certificates for authentication are affected by REDHAT-BUG-2034346.
What are SCA certificates in relation to REDHAT-BUG-2034346?
SCA certificates are intended solely for content access authorization against the CDN in Red Hat Satellite, but can be exploited due to improper authentication as noted in REDHAT-BUG-2034346.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-4142
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat satellite with embedded oracle