Lucene search
K

195 matches found

Cvelist
Cvelist
added 2017/06/08 6:0 p.m.18 views

CVE-2016-3107

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...

5.5AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2017/06/08 6:0 p.m.58 views

CVE-2016-3111

CVE-2016-3111 affects Pulp 2.8.3 during installation. The root cause is that the build/install process (pulp.spec) generates RSA key pairs in a directory that is temporarily world-readable, potentially allowing local users to read the keys while the installation runs. The available connected sour...

5.5CVSS5AI score0.0039EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2017/06/08 6:0 p.m.16 views

CVE-2016-3111

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via...

5.2AI score0.0039EPSS
Exploits0References9
Cvelist
Cvelist
added 2017/06/08 6:0 p.m.25 views

CVE-2016-3108

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack...

6.7AI score0.00257EPSS
Exploits0References6
CVE
CVE
added 2017/06/08 6:0 p.m.56 views

CVE-2016-3108

CVE-2016-3108 affects the pulp-gen-nodes-certificate script in Pulp (before 2.8.3). The vulnerability allows local users to leak keys or write to arbitrary files via a symlink attack . This aligns with the NVD entry describing the issue and the CVSS3 vector indicating local access, low attack com...

7.1CVSS6.7AI score0.00257EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2017/06/08 6:0 p.m.68 views

CVE-2016-3107

CVE-2016-3107 affects Pulp: the Node certificate private key is stored in a world‑readable file under /etc/pki/pulp/nodes/, enabling local users to access sensitive data. Affected versions: Pulp before 2.8.3. Root cause: insecure file permissions on the node certificate. Impact: potential disclos...

5.5CVSS5.5AI score0.00201EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2017/06/08 6:0 p.m.67 views

CVE-2016-3112

The CVE-2016-3112 issue affects Pulp before 2.8.3, where client/consumer/cli.py writes consumer private keys to /etc/pki/pulp/consumer/consumer-cert.pem as world-readable. This allows remote authenticated users to read the consumer private keys and escalate privileges by authenticating as a consu...

7.5CVSS7.3AI score0.02193EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2017/06/08 12:0 a.m.3 views

PT-2017-8338 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue allows local users to leak keys or write to arbitrary files via a symlink attack, specifically targeting the pulp-gen-nodes-certificate script in Pulp. Recommendations: For versions prior to...

7.1CVSS5.9AI score0.00257EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2017/06/08 12:0 a.m.7 views

PT-2017-8341 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue allows remote authenticated users to obtain consumer private keys and escalate privileges. This is due to the world-readable writing of consumer private keys to...

7.5CVSS6.2AI score0.02193EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2017/06/08 12:0 a.m.10 views

PT-2017-8337 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue concerns a world-readable file containing the private key for the Node certificate, stored in the "/etc/pki/pulp/nodes/" directory. This allows local users to access sensitive data,...

5.5CVSS5.5AI score0.00201EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2017/06/08 12:0 a.m.5 views

PT-2017-8340 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp version 2.8.3 Description: The issue arises during the installation process of Pulp, where the pulp.spec generates RSA key pairs in a world-readable directory before modifying the permissions. This might allow local users to read the...

5.5CVSS5.4AI score0.0039EPSS
Exploits0References11
NVD
NVD
added 2017/04/13 2:59 p.m.24 views

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

5.3CVSS5.3AI score0.00938EPSS
Exploits0References4
OSV
OSV
added 2017/04/13 2:59 p.m.21 views

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

5.3CVSS6.8AI score0.00938EPSS
Exploits0References4
Prion
Prion
added 2017/04/13 2:59 p.m.13 views

Information disclosure

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

5CVSS7AI score0.00938EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/04/13 2:0 p.m.45 views

CVE-2016-3106

CVE-2016-3106 : Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner, enabling potential exposure of sensitive data. The vulnerability affects Pulp’s CA key generation process; CVSS vectors indicate network access with low complexity and partial confident...

5.3CVSS5.2AI score0.00938EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/04/13 2:0 p.m.19 views

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...

5.3AI score0.00938EPSS
Exploits0References4
Prion
Prion
added 2017/04/03 3:59 p.m.11 views

Design/Logic Flaw

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations...

5CVSS7.2AI score0.00867EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2017/04/03 3:59 p.m.13 views

CVE-2013-7450

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations...

7.5CVSS7.6AI score0.00867EPSS
Exploits0References6
Cvelist
Cvelist
added 2017/04/03 3:0 p.m.16 views

CVE-2013-7450

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations...

7.6AI score0.00867EPSS
Exploits0References6
CVE
CVE
added 2017/04/03 3:0 p.m.43 views

CVE-2013-7450

CVE-2013-7450 affects Pulp versions before 2.3.0. The root cause is that the same CA key and certificate are used across all installations, creating a single trusted-trust anchor per deployment. Reported impact includes potential modification of the CA certificate, undermining PKI trust. Exploita...

7.5CVSS7.6AI score0.00867EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder