CVE-2012-6116 – Candlepin: bootstrap RPM deploys CA certificate file with mode 666
https://notcve.org/view.php?id=CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
• http://rhn.redhat.com/errata/RHSA-2013-0547.html
• http://rhn.redhat.com/errata/RHSA-2013-0686.html
• http://secunia.com/advisories/52774
• https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec
• https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d
• https://access.redhat.com/security/cve/CVE-2012-6116
• https://bugzilla.redhat.com/show_bug.cgi?id=906207
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-5561 – Katello: /etc/katello/secure/passphrase is world readable
https://notcve.org/view.php?id=CVE-2012-5561
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
• http://rhn.redhat.com/errata/RHSA-2013-0544.html
• http://rhn.redhat.com/errata/RHSA-2013-0547.html
• https://bugzilla.redhat.com/show_bug.cgi?id=879094
• https://github.com/Katello/katello/pull/1349
• https://access.redhat.com/security/cve/CVE-2012-5561
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor