Описание
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Satellite 6 | katello-installer | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1021784katello-installer: node-installer creates world readable private key file
6.1 Medium
CVSS2
Связанные уязвимости
nvd
больше 11 лет назад
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
github
больше 3 лет назад
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
6.1 Medium
CVSS2