{"id":"CVE-2021-4142","details":"The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.","modified":"2026-03-20T04:12:30.511239Z","published":"2022-08-24T16:15:09.547Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-4142"},{"type":"ADVISORY","url":"https://github.com/candlepin/candlepin/pull/3198"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034346"},{"type":"FIX","url":"https://github.com/candlepin/candlepin/pull/3197"},{"type":"FIX","url":"https://github.com/candlepin/candlepin/pull/3199"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/candlepin/candlepin","events":[{"introduced":"3c2e908d53d66755895b5debd9e73b3a27d62a0a"},{"last_affected":"16438276dde4cd24b2fbce7063b6f6e66143969d"},{"introduced":"417c084fc2768cb5e1537782a6746f338e9c1d33"},{"last_affected":"fd6f8e88290d6a3db403ecd78665753e8d04aeed"},{"introduced":"e6ecbd17f29c16ec84148a83f549a75653a86a60"},{"last_affected":"397db5d60a16e8a275627dfb9c6b7181dd440f01"}],"database_specific":{"versions":[{"introduced":"3.1.0"},{"last_affected":"3.1.28-2"},{"introduced":"3.2.0"},{"last_affected":"3.2.21-1"},{"introduced":"4.1.0"},{"last_affected":"4.1.8-1"}]}}],"versions":["candlepin-3.1.0-1","candlepin-3.1.1-1","candlepin-3.1.10-1","candlepin-3.1.11-1","candlepin-3.1.12-1","candlepin-3.1.13-1","candlepin-3.1.14-1","candlepin-3.1.15-1","candlepin-3.1.16-1","candlepin-3.1.17-1","candlepin-3.1.18-1","candlepin-3.1.19-1","candlepin-3.1.2-1","candlepin-3.1.20-1","candlepin-3.1.21-1","candlepin-3.1.22-1","candlepin-3.1.23-1","candlepin-3.1.24-1","candlepin-3.1.25-1","candlepin-3.1.26-1","candlepin-3.1.28-1","candlepin-3.1.28-2","candlepin-3.1.3-1","candlepin-3.1.4-1","candlepin-3.1.5-1","candlepin-3.1.6-1","candlepin-3.1.7-1","candlepin-3.1.8-1","candlepin-3.1.9-1","candlepin-3.2.0-1","candlepin-3.2.1-1","candlepin-3.2.10-1","candlepin-3.2.11-1","candlepin-3.2.12-1","candlepin-3.2.13-1","candlepin-3.2.14-1","candlepin-3.2.15-1","candlepin-3.2.16-1","candlepin-3.2.17-1","candlepin-3.2.18-1","candlepin-3.2.19-1","candlepin-3.2.2-1","candlepin-3.2.20-1","candlepin-3.2.21-1","candlepin-3.2.3-1","candlepin-3.2.4-1","candlepin-3.2.5-1","candlepin-3.2.6-1","candlepin-3.2.7-1","candlepin-3.2.8-1","candlepin-3.2.9-1","candlepin-4.0.0-1","candlepin-4.0.1-1","candlepin-4.1.2-1","candlepin-4.1.3-1","candlepin-4.1.4-1","candlepin-4.1.5-1","candlepin-4.1.6-1","candlepin-4.1.7-1","candlepin-4.1.8-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4142.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}