VYPR
Unrated severityNVD Advisory· Published Apr 2, 2013· Updated Jun 16, 2026

CVE-2012-6119

CVE-2012-6119

Description

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*range: <=0.7.2
    • cpe:2.3:a:candlepinproject:candlepin:0.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:candlepinproject:candlepin:0.4.27:*:*:*:*:*:*:*
    • cpe:2.3:a:candlepinproject:candlepin:0.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:candlepinproject:candlepin:0.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:candlepinproject:candlepin:0.6.3:*:*:*:*:*:*:*
    • (no CPE)range: <0.7.24
  • cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*range: <=1.2.0
    • cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*
    • (no CPE)range: <1.2.1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.