Lucene search
HistoryMar 01, 2013 - 5:40 a.m.
CVE-2012-6116
cve-2012-6116
katello-configure
weak permissions
candlepin
rpm
local users
security vulnerability
6.3 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| katello:katello-configure | katello katello-configure | le | 1.3.2_pulpv2 |
| katello:katello | katello | eq | - |
Related
prion
prion
Code injection
2013-03-01 05:40:00
veracode
veracode
Authorization Bypass
2019-01-15 09:00:49
Input Validation Bypass
2019-05-02 04:44:16
Arbitrary Code Execution
2019-05-02 04:44:25
redhat
redhat
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
nessus
nessus
RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)
2013-04-10 00:00:00
6.3 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
Related for CVE-2012-6116