CVE-2016-3095
NONE EPSS 22.1%
Published Jun 8, 20179y ago · Modified Jun 17, 20262w ago
Published Jun 8, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
Threat Intelligence
EPSS Exploit Probability
22.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| fedoraproject | fedora | 24 | any |
| pulpproject | pulp | * | ≤2.8.1 |
References 5
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html
- openwall.com http://www.openwall.com/lists/oss-security/2016/04/06/3
- openwall.com http://www.openwall.com/lists/oss-security/2016/04/18/11
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1322706
- github.com https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca
Remediation
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1322706
- github.com https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca