CVE-2016-3112
https://notcve.org/view.php?id=CVE-2016-3112
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user.
References:
• http://www.openwall.com/lists/oss-security/2016/05/20/1
• https://access.redhat.com/errata/RHBA-2016:1501
• https://bugzilla.redhat.com/attachment.cgi?id=1146538
• https://bugzilla.redhat.com/show_bug.cgi?id=1326242
• https://pulp.plan.io/issues/1834
CWE-284: Improper Access Control
CVE-2016-3107
https://notcve.org/view.php?id=CVE-2016-3107
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
References:
• http://www.openwall.com/lists/oss-security/2016/05/20/1
• https://access.redhat.com/errata/RHBA-2016:1501
• https://bugzilla.redhat.com/attachment.cgi?id=1146471
• https://bugzilla.redhat.com/show_bug.cgi?id=1325930
• https://pulp.plan.io/issues/1833
CWE-284: Improper Access Control
CVE-2016-3106
https://notcve.org/view.php?id=CVE-2016-3106
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
References:
• http://www.openwall.com/lists/oss-security/2016/04/18/11
• http://www.openwall.com/lists/oss-security/2016/05/20/1
• https://bugzilla.redhat.com/show_bug.cgi?id=1324926
• https://pulp.plan.io/issues/1827
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2013-7450
https://notcve.org/view.php?id=CVE-2013-7450
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
References:
• http://www.openwall.com/lists/oss-security/2016/04/18/11
• http://www.openwall.com/lists/oss-security/2016/04/18/5
• http://www.openwall.com/lists/oss-security/2016/05/20/1
• https://bugzilla.redhat.com/show_bug.cgi?id=1003326
• https://bugzilla.redhat.com/show_bug.cgi?id=1328345
• https://github.com/pulp/pulp/pull/627
CWE-295: Improper Certificate Validation