Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Candlepin | Candlepinproject | * | 0.7.2 (including) |
Candlepin | Candlepinproject | 0.4.5 (including) | 0.4.5 (including) |
Candlepin | Candlepinproject | 0.4.11 (including) | 0.4.11 (including) |
Candlepin | Candlepinproject | 0.4.27 (including) | 0.4.27 (including) |
Candlepin | Candlepinproject | 0.5.5 (including) | 0.5.5 (including) |
Candlepin | Candlepinproject | 0.6.3 (including) | 0.6.3 (including) |
Subscription_asset_manager | Redhat | * | 1.2.0 (including) |
Subscription_asset_manager | Redhat | 1.0.0 (including) | 1.0.0 (including) |
Subscription_asset_manager | Redhat | 1.1.0 (including) | 1.1.0 (including) |