CVE-2013-4455

2014-05-1419:00:00

redhat

www.cve.org

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

References

bugzilla.redhat.com/show_bug.cgi?id=1021784

github.com/Katello/katello-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e