CVE-2016-3111
NONE EPSS 31.1%
Published Jun 8, 2017 (9y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the Pulp server and Pulp consumers in a world-readable directory and only later modifies the permissions, which might allow local users to obtain the generated RSA keys by reading the key files while the installation process is running.
Threat Intelligence
EPSS Exploit Probability
31.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| pulpproject | pulp | * | ≤2.8.2-1 |
References 9
- pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317
- pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620
- openwall.com http://www.openwall.com/lists/oss-security/2016/05/20/1
- access.redhat.com https://access.redhat.com/errata/RHBA-2016:1501
- bugzilla.redhat.com https://bugzilla.redhat.com/attachment.cgi?id=1146522
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1326251
- github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486
- github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903
- pulp.plan.io https://pulp.plan.io/issues/1837
Remediation
- pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317
- pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1326251
- github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486
- github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903
- pulp.plan.io https://pulp.plan.io/issues/1837