Veracode Vulnerability DatabaseVERACODE:18960Information Disclosure
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
Red Hat Satellite is vulnerable to information disclosure. This is because the pulp-qpid-ssl-cfg script creates certificate files and NSS database files in a world-readable temporary directory rather than permanent installation directory with wrongly assigned permissions which will be corrected just after the copying process is completed. Attackers can steal sensitive data during the time frame given because of this bug.
References
access.redhat.com/documentation/en-us/red_hat_satellite/6.3/html/release_notes/
access.redhat.com/errata/RHSA-2018:0336
access.redhat.com/security/cve/CVE-2016-3696
access.redhat.com/security/cve/CVE-2017-15699
access.redhat.com/security/cve/CVE-2017-2295
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1019214
bugzilla.redhat.com/show_bug.cgi?id=1132402
bugzilla.redhat.com/show_bug.cgi?id=1133515
bugzilla.redhat.com/show_bug.cgi?id=1140671
bugzilla.redhat.com/show_bug.cgi?id=1144042
bugzilla.redhat.com/show_bug.cgi?id=1145653
bugzilla.redhat.com/show_bug.cgi?id=1154382
bugzilla.redhat.com/show_bug.cgi?id=1177766
bugzilla.redhat.com/show_bug.cgi?id=1187338
bugzilla.redhat.com/show_bug.cgi?id=1190002
bugzilla.redhat.com/show_bug.cgi?id=1199204
bugzilla.redhat.com/show_bug.cgi?id=1210878
bugzilla.redhat.com/show_bug.cgi?id=1215825
bugzilla.redhat.com/show_bug.cgi?id=1217523
bugzilla.redhat.com/show_bug.cgi?id=1245642
bugzilla.redhat.com/show_bug.cgi?id=1255484
bugzilla.redhat.com/show_bug.cgi?id=1257588
bugzilla.redhat.com/show_bug.cgi?id=1260697
bugzilla.redhat.com/show_bug.cgi?id=1263748
bugzilla.redhat.com/show_bug.cgi?id=1264043
bugzilla.redhat.com/show_bug.cgi?id=1264732
bugzilla.redhat.com/show_bug.cgi?id=1265125
bugzilla.redhat.com/show_bug.cgi?id=1270771
bugzilla.redhat.com/show_bug.cgi?id=1274159
bugzilla.redhat.com/show_bug.cgi?id=1278642
bugzilla.redhat.com/show_bug.cgi?id=1278644
bugzilla.redhat.com/show_bug.cgi?id=1284686
bugzilla.redhat.com/show_bug.cgi?id=1291935
bugzilla.redhat.com/show_bug.cgi?id=1292510
bugzilla.redhat.com/show_bug.cgi?id=1293538
bugzilla.redhat.com/show_bug.cgi?id=1303103
bugzilla.redhat.com/show_bug.cgi?id=1304608
bugzilla.redhat.com/show_bug.cgi?id=1305059
bugzilla.redhat.com/show_bug.cgi?id=1306723
bugzilla.redhat.com/show_bug.cgi?id=1309569
bugzilla.redhat.com/show_bug.cgi?id=1309944
bugzilla.redhat.com/show_bug.cgi?id=1313634
bugzilla.redhat.com/show_bug.cgi?id=1317614
bugzilla.redhat.com/show_bug.cgi?id=1318534
bugzilla.redhat.com/show_bug.cgi?id=1323436
bugzilla.redhat.com/show_bug.cgi?id=1324508
bugzilla.redhat.com/show_bug.cgi?id=1327030
bugzilla.redhat.com/show_bug.cgi?id=1328238
bugzilla.redhat.com/show_bug.cgi?id=1328930
bugzilla.redhat.com/show_bug.cgi?id=1336924
bugzilla.redhat.com/show_bug.cgi?id=1339715
bugzilla.redhat.com/show_bug.cgi?id=1340559
bugzilla.redhat.com/show_bug.cgi?id=1342623
bugzilla.redhat.com/show_bug.cgi?id=1344049
bugzilla.redhat.com/show_bug.cgi?id=1361473
bugzilla.redhat.com/show_bug.cgi?id=1366029
bugzilla.redhat.com/show_bug.cgi?id=1370168
bugzilla.redhat.com/show_bug.cgi?id=1376134
bugzilla.redhat.com/show_bug.cgi?id=1376191
bugzilla.redhat.com/show_bug.cgi?id=1382356
bugzilla.redhat.com/show_bug.cgi?id=1382735
bugzilla.redhat.com/show_bug.cgi?id=1384146
bugzilla.redhat.com/show_bug.cgi?id=1384548
bugzilla.redhat.com/show_bug.cgi?id=1386266
bugzilla.redhat.com/show_bug.cgi?id=1386278
bugzilla.redhat.com/show_bug.cgi?id=1390545
bugzilla.redhat.com/show_bug.cgi?id=1391831
bugzilla.redhat.com/show_bug.cgi?id=1393409
bugzilla.redhat.com/show_bug.cgi?id=1394056
bugzilla.redhat.com/show_bug.cgi?id=1402922
bugzilla.redhat.com/show_bug.cgi?id=1410872
bugzilla.redhat.com/show_bug.cgi?id=1412186
bugzilla.redhat.com/show_bug.cgi?id=1413851
bugzilla.redhat.com/show_bug.cgi?id=1416119
bugzilla.redhat.com/show_bug.cgi?id=1417073
bugzilla.redhat.com/show_bug.cgi?id=1420711
bugzilla.redhat.com/show_bug.cgi?id=1422458
bugzilla.redhat.com/show_bug.cgi?id=1425121
bugzilla.redhat.com/show_bug.cgi?id=1425523
bugzilla.redhat.com/show_bug.cgi?id=1426404
bugzilla.redhat.com/show_bug.cgi?id=1426411
bugzilla.redhat.com/show_bug.cgi?id=1426448
bugzilla.redhat.com/show_bug.cgi?id=1428761
bugzilla.redhat.com/show_bug.cgi?id=1429426
bugzilla.redhat.com/show_bug.cgi?id=1434069
bugzilla.redhat.com/show_bug.cgi?id=1435972
bugzilla.redhat.com/show_bug.cgi?id=1438376
bugzilla.redhat.com/show_bug.cgi?id=1439850
bugzilla.redhat.com/show_bug.cgi?id=1445807
bugzilla.redhat.com/show_bug.cgi?id=1446707
bugzilla.redhat.com/show_bug.cgi?id=1446719
bugzilla.redhat.com/show_bug.cgi?id=1452124
bugzilla.redhat.com/show_bug.cgi?id=1455057
bugzilla.redhat.com/show_bug.cgi?id=1455455
bugzilla.redhat.com/show_bug.cgi?id=1458817
bugzilla.redhat.com/show_bug.cgi?id=1464224
bugzilla.redhat.com/show_bug.cgi?id=1468248
bugzilla.redhat.com/show_bug.cgi?id=1480346
bugzilla.redhat.com/show_bug.cgi?id=1480348
bugzilla.redhat.com/show_bug.cgi?id=1493001
bugzilla.redhat.com/show_bug.cgi?id=1493494
bugzilla.redhat.com/show_bug.cgi?id=1517827
bugzilla.redhat.com/show_bug.cgi?id=1529099
docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/
lists.fedoraproject.org/archives/list/[email protected]/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/
pulp.plan.io/issues/1854
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N