Описание
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Issue Tracking
- Issue TrackingPatch
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Issue Tracking
- Issue TrackingPatch
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2