cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1832,https://securityvulnerability.io/vulnerability/CVE-2023-1832,Improper authorization check in the server component,"An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.",Red Hat,"Candlepin-4.3.7,Candlepin-4.3.8,Red Hat Satellite 6",6.8,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-10-04T14:15:00.000Z,0
CVE-2019-3891,https://securityvulnerability.io/vulnerability/CVE-2019-3891,,"It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.",Red Hat,Candlepin,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2019-04-15T12:31:00.000Z,0