195 matches found
CVE-2016-3107
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data...
CVE-2016-3111
CVE-2016-3111 affects Pulp 2.8.3 during installation. The root cause is that the build/install process (pulp.spec) generates RSA key pairs in a directory that is temporarily world-readable, potentially allowing local users to read the keys while the installation runs. The available connected sour...
CVE-2016-3111
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via...
CVE-2016-3108
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack...
CVE-2016-3108
CVE-2016-3108 affects the pulp-gen-nodes-certificate script in Pulp (before 2.8.3). The vulnerability allows local users to leak keys or write to arbitrary files via a symlink attack . This aligns with the NVD entry describing the issue and the CVSS3 vector indicating local access, low attack com...
CVE-2016-3107
CVE-2016-3107 affects Pulp: the Node certificate private key is stored in a world‑readable file under /etc/pki/pulp/nodes/, enabling local users to access sensitive data. Affected versions: Pulp before 2.8.3. Root cause: insecure file permissions on the node certificate. Impact: potential disclos...
CVE-2016-3112
The CVE-2016-3112 issue affects Pulp before 2.8.3, where client/consumer/cli.py writes consumer private keys to /etc/pki/pulp/consumer/consumer-cert.pem as world-readable. This allows remote authenticated users to read the consumer private keys and escalate privileges by authenticating as a consu...
PT-2017-8338 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue allows local users to leak keys or write to arbitrary files via a symlink attack, specifically targeting the pulp-gen-nodes-certificate script in Pulp. Recommendations: For versions prior to...
PT-2017-8341 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue allows remote authenticated users to obtain consumer private keys and escalate privileges. This is due to the world-readable writing of consumer private keys to...
PT-2017-8337 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.3 Description: The issue concerns a world-readable file containing the private key for the Node certificate, stored in the "/etc/pki/pulp/nodes/" directory. This allows local users to access sensitive data,...
PT-2017-8340 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp version 2.8.3 Description: The issue arises during the installation process of Pulp, where the pulp.spec generates RSA key pairs in a world-readable directory before modifying the permissions. This might allow local users to read the...
CVE-2016-3106
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...
CVE-2016-3106
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...
Information disclosure
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...
CVE-2016-3106
CVE-2016-3106 : Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner, enabling potential exposure of sensitive data. The vulnerability affects Pulp’s CA key generation process; CVSS vectors indicate network access with low complexity and partial confident...
CVE-2016-3106
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner...
Design/Logic Flaw
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations...
CVE-2013-7450
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations...
CVE-2013-7450
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations...
CVE-2013-7450
CVE-2013-7450 affects Pulp versions before 2.3.0. The root cause is that the same CA key and certificate are used across all installations, creating a single trusted-trust anchor per deployment. Reported impact includes potential modification of the CA certificate, undermining PKI trust. Exploita...