CVE-2016-3095

NONE EPSS 22.1%
Published Jun 8, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 8, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.

Threat Intelligence

EPSS Exploit Probability
22.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 2

VendorProductVersionRange
fedoraprojectfedora24any
pulpprojectpulp* ≤2.8.1

References 5

  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/04/06/3
    Mailing ListThird Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/04/18/11
    Mailing ListThird Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1322706
    ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry
  • github.com https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca
    PatchThird Party Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1322706
    ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry
  • github.com https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca
    PatchThird Party Advisory