CVE-2016-3111

Published: Jun 8, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.

Affected (1)

Products: Pulpproject: Pulp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pulpproject Pulp	Up to 2.8.2-1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/20/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2016:1501

Source: secalert@redhat.com

https://bugzilla.redhat.com/attachment.cgi?id=1146522

Source: secalert@redhat.com

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1326251

Source: secalert@redhat.com

Issue TrackingPatch

https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://pulp.plan.io/issues/1837

Source: secalert@redhat.com

PatchVendor Advisory

http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/20/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2016:1501

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/attachment.cgi?id=1146522

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1326251

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://pulp.plan.io/issues/1837

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.