Описание
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| RHUI for RHEL 6 | pulp | Will not fix | ||
| Red Hat Satellite 6.2 for RHEL 6 | candlepin | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-installer | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-proxy | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-selinux | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | gofer | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello-agent | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello-certs-tools | Fixed | RHBA-2016:1501 | 27.07.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.1 Low
CVSS2
Связанные уязвимости
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
EPSS
2.1 Low
CVSS2