CVE-2016-3106

NONE EPSS 56.4%
Published Apr 13, 20179y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Apr 13, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.

Threat Intelligence

EPSS Exploit Probability
56.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 1

VendorProductVersionRange
pulpprojectpulp2.8.2-1any

References 4

  • openwall.com http://www.openwall.com/lists/oss-security/2016/04/18/11
    Mailing ListPatchThird Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/05/20/1
    Mailing ListPatchThird Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1324926
    Issue TrackingPatch
  • pulp.plan.io https://pulp.plan.io/issues/1827
    Issue TrackingPatchThird Party Advisory

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2016/04/18/11
    Mailing ListPatchThird Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/05/20/1
    Mailing ListPatchThird Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1324926
    Issue TrackingPatch
  • pulp.plan.io https://pulp.plan.io/issues/1827
    Issue TrackingPatchThird Party Advisory