Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Red Hat
Privilege Escalation
Candlepin
Subscription Asset Manager
NVD
GitHub
CVSS 2.0
2.1
EPSS
0.1%