Unrated severityNVD Advisory· Published Apr 2, 2013· Updated Apr 29, 2026
CVE-2012-6119
CVE-2012-6119
Description
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Affected products
9cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*range: <=0.7.2
- cpe:2.3:a:candlepinproject:candlepin:0.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:candlepinproject:candlepin:0.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:candlepinproject:candlepin:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:candlepinproject:candlepin:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:candlepinproject:candlepin:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*range: <=1.2.0
- cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- rhn.redhat.com/errata/RHSA-2013-0686.htmlnvdVendor Advisory
- secunia.com/advisories/52774nvdVendor Advisory
- www.osvdb.org/91719nvd
- bugzilla.redhat.com/show_bug.cginvd
- github.com/candlepin/candlepin/blob/master/candlepin.specnvd
- github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08cnvd
News mentions
0No linked articles in our index yet.