Show plain JSON{"id": "CVE-2012-6119", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-02T22:55:01.237", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52774", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/91719", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613", "source": "secalert@redhat.com"}, {"url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec", "source": "secalert@redhat.com"}, {"url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52774", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/91719", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests."}, {"lang": "es", "value": "Candlepin antes de v0.7.24, tal como se utiliza en el Administrador de Activos de Red Hat Suscripci\u00f3n antes de v1.2.1, no comprueba correctamente firmas de los manifest, que permite a usuarios locales modificarlos."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:candlepinproject:candlepin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B1D9F06-42FF-43F3-9227-F1524BB8838B", "versionEndIncluding": "0.7.2"}, {"criteria": "cpe:2.3:a:candlepinproject:candlepin:0.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B7A721-F0EC-4E44-A276-E849D06EA048"}, {"criteria": "cpe:2.3:a:candlepinproject:candlepin:0.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ECDE2F9-B94F-4B8C-9D20-3A1C96729050"}, {"criteria": "cpe:2.3:a:candlepinproject:candlepin:0.4.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F8F8633-9313-42D8-B309-D81DF467FE11"}, {"criteria": "cpe:2.3:a:candlepinproject:candlepin:0.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A932DE3-11C2-4852-A803-73BB0DBDE22A"}, {"criteria": "cpe:2.3:a:candlepinproject:candlepin:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3878FE4-235F-4902-ABCE-CFDBD2C32964"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E20A0D71-54E5-4165-BE9F-5668B59622AB", "versionEndIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1AEAC18-A40A-4F25-9C41-FD72F577292B"}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CB43793-470F-4C24-AC75-A2555CA68A70"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}