CVE-2016-3112

Published: Jun 8, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user.

Affected (1)

Products: Pulpproject: Pulp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pulpproject Pulp	Up to 2.8.2-1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (10)

http://www.openwall.com/lists/oss-security/2016/05/20/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2016:1501

Source: secalert@redhat.com

https://bugzilla.redhat.com/attachment.cgi?id=1146538

Source: secalert@redhat.com

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1326242

Source: secalert@redhat.com

Issue Tracking

https://pulp.plan.io/issues/1834

Source: secalert@redhat.com

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2016/05/20/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2016:1501

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/attachment.cgi?id=1146538

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1326242

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://pulp.plan.io/issues/1834

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.