CVE-2016-3111

NONE EPSS 31.1%
Published Jun 8, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.

Threat Intelligence

EPSS Exploit Probability
31.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

Vendor | Product | Version | Range
pulpproject | pulp | * | ≤2.8.2-1

References 9

  • pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317
    Issue Tracking, Patch, Third Party Advisory
  • pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620
    Issue Tracking, Patch, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/05/20/1
    Mailing List, Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHBA-2016:1501
  • bugzilla.redhat.com https://bugzilla.redhat.com/attachment.cgi?id=1146522
    Issue Tracking
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1326251
    Issue Tracking, Patch
  • github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903
    Issue Tracking, Patch, Third Party Advisory
  • pulp.plan.io https://pulp.plan.io/issues/1837
    Patch, Vendor Advisory

Remediation

  • pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317
    Issue Tracking, Patch, Third Party Advisory
  • pkgs.fedoraproject.org http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620
    Issue Tracking, Patch, Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1326251
    Issue Tracking, Patch
  • github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903
    Issue Tracking, Patch, Third Party Advisory
  • pulp.plan.io https://pulp.plan.io/issues/1837
    Patch, Vendor Advisory