EUVD-2016-4161

Malware in sbrugna...

Design/Logic Flaw

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...

CVE-2016-3107

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...

CVE-2016-3107

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...

CVE-2016-3107

CVE-2016-3107 affects Pulp: the Node certificate private key is stored in a world‑readable file under /etc/pki/pulp/nodes/, enabling local users to access sensitive data. Affected versions: Pulp before 2.8.3. Root cause: insecure file permissions on the node certificate. Impact: potential disclos...

PT-2017-8337 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue concerns a world-readable file containing the private key for the Node certificate, stored in the "/etc/pki/pulp/nodes/" directory. This allows local users to access sensitive data,...

pulp: Node certificate containing private key stored in world-readable file

It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file...

Pulp Information Disclosure Vulnerability (CNVD-2016-03574)

Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. An information disclosure vulnerability exists in Pulp that stems from a Node certificate being installed in a globally readable form. An attacker ca...