CVE-2016-3111

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-08 18:29

Updated : 2024-02-04 19:29


NVD link : CVE-2016-3111

Mitre link : CVE-2016-3111

CVE.ORG link : CVE-2016-3111


JSON object : View

Products Affected

pulpproject

  • pulp
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor