195 matches found
PT-2017-8411 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue allows local users to obtain the CA key due to a problem in the pulp-qpid-ssl-cfg script. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...
PT-2017-8413 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue arises from the unsafe use of bash's $RANDOM variable to generate passwords. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...
Code injection
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key...
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key...
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key...
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key...
CVE-2016-3095
CVE-2016-3095 affects Pulp prior to 2.8.2. The vulnerability arises in the script server/bin/pulp-gen-ca-certificate, which creates a private key in a world-readable file, allowing local users to read the CA private key. Public sources (NVD, CNVD, osv.dev, Fedora advisory) consistently state this...
CVE-2016-3107
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...
CVE-2016-3112
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and...
Design/Logic Flaw
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...
Code injection
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via...
Design/Logic Flaw
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and...
Code injection
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack...
CVE-2016-3111
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via...
CVE-2016-3108
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack...
CVE-2016-3108
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack...
CVE-2016-3112
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and...
CVE-2016-3107
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...
CVE-2016-3111
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via...
CVE-2016-3107
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...