exploitDog

CVE-2016-3108

Опубликовано: 08 июн. 2017

Источник: nvd

CVSS3: 7.1

CVSS2: 3.6

EPSS Низкий

Описание

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

Ссылки

http://www.openwall.com/lists/oss-security/2016/05/20/1
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHBA-2016:1501
https://bugzilla.redhat.com/attachment.cgi?id=1146475
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1325934
Issue Tracking
https://github.com/pulp/pulp/pull/2528
Issue Tracking
Patch
Third Party Advisory
https://pulp.plan.io/issues/1830
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/05/20/1
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHBA-2016:1501
https://bugzilla.redhat.com/attachment.cgi?id=1146475
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1325934
Issue Tracking
https://github.com/pulp/pulp/pull/2528
Issue Tracking
Patch
Third Party Advisory
https://pulp.plan.io/issues/1830
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*

Версия до 2.8.2-1 (включая)

EPSS

Процентиль: 12%

0.00041

Низкий

7.1 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2016-3108

redhat

почти 10 лет назад

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

GHSA-2wh2-4qxg-w52c

CVSS3: 7.1

github

больше 3 лет назад

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

EPSS

Процентиль: 12%

0.00041

Низкий

7.1 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-59