CVE-2016-3696

Published: Jun 13, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.

Affected (2)

Products: Fedoraproject: Fedora · Pulpproject: Pulp

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 24

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Pulpproject Pulp	Up to 2.8.4

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

https://access.redhat.com/errata/RHSA-2018:0336

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1328930

Source: secalert@redhat.com

Issue Tracking

https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5

Source: secalert@redhat.com

Permissions Required

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/

Source: secalert@redhat.com

https://pulp.plan.io/issues/1854

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2018:0336

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1328930

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/

Source: af854a3a-2127-422b-91ae-364da2661108

https://pulp.plan.io/issues/1854

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.