CVE-2013-4455

Published: May 14, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Affected (17)

Products: Katello: Katello Installer

Katello

1 product

Katello Installer

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Katello Katello Installer	Up to 0.0.17
Katello Katello Installer	Version 0.0.10
Katello Katello Installer	Version 0.0.11
Katello Katello Installer	Version 0.0.12
Katello Katello Installer	Version 0.0.13
Katello Katello Installer	Version 0.0.14
Katello Katello Installer	Version 0.0.15
Katello Katello Installer	Version 0.0.16
Katello Katello Installer	Version 0.0.1
Katello Katello Installer	Version 0.0.2
Katello Katello Installer	Version 0.0.3
Katello Katello Installer	Version 0.0.4
Katello Katello Installer	Version 0.0.5
Katello Katello Installer	Version 0.0.6
Katello Katello Installer	Version 0.0.7
Katello Katello Installer	Version 0.0.8
Katello Katello Installer	Version 0.0.9

Related CWEs

CWE-264

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1021784

Source: secalert@redhat.com

https://github.com/Katello/katello-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e

Source: secalert@redhat.com

ExploitPatch

https://bugzilla.redhat.com/show_bug.cgi?id=1021784

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/Katello/katello-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.