Improper authorization check in the server component
CVE-2023-1832

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Candlepin-4.3.7; Candlepin-4.3.8; Red Hat Satellite 6
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-1832?

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

Affected Version(s)

candlepin-4.3.7 3

candlepin-4.3.8 1

References

https://access.redhat.com/security/cve/CVE-2023-1832

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2184364

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Apr 4, 2023

Credit

Red Hat would like to thank Nikolaos Moumoulidis (redhat) for reporting this issue.

JSON