CVE-2016-3111

{"id": "CVE-2016-3111", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-06-08T18:29:00.357", "references": [{"url": "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2016/05/20/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHBA-2016:1501", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/attachment.cgi?id=1146522", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326251", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://pulp.plan.io/issues/1837", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running."}, {"lang": "es", "value": "pulp.spec en el proceso de instalaci\u00f3n para Pulp 2.8.3 genera pares de claves RSA empleadas para validar mensajes entre el servidor pulp y los usuarios de pulp en un directorio que puede ser le\u00eddo por cualquier usuario antes de modificar los permisos. Esto puede permitir que los usuarios locales lean las claves RSA generadas mediante la lectura de archivos de claves mientras se est\u00e1 ejecutando el proceso de instalaci\u00f3n."}], "lastModified": "2023-02-13T04:50:07.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B1AA4C-9AC9-4D67-94C5-59CBB75A811F", "versionEndIncluding": "2.8.2-1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}