Описание
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
Отчет
This issue did not affect the versions of pulp as shipped with Red Hat Satellite 6.x and Red Hat Update Infrastructure 2.x as they did not include support for pulp-gen-ca-certificate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Satellite 6 | pulp | Not affected | ||
| RHUI for RHEL 6 | pulp | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1322706pulp: Potential leakage when generating new CA key in /tmp
1.9 Low
CVSS2
Связанные уязвимости
CVSS3: 5.5
nvd
больше 8 лет назад
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVSS3: 5.5
github
больше 3 лет назад
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
1.9 Low
CVSS2