Candlepinproject Candlepin — known CVE vulnerabilities
Every CVE whose affected-product data names Candlepinproject Candlepin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-1832 — CVSS 6.8 (medium): An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result…
CVE-2015-5187 — CVSS 6.5 (medium): Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web…
CVE-2021-4142 — CVSS 5.5 (medium): The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use…
CVE-2012-6119 — CVSS 2.1 (low): Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which…