Veracode Vulnerability Database: VERACODE:11356
History: Jan 15, 2019 - 9:00 a.m.

Authorization Bypass

2019-01-15 09:00:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

EPSS: 0
Percentile: 5.1%

katello is vulnerable to authorization bypass attacks. The vulnerability exists because modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
