ID CVE-2016-3704
Summary Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
References
Vulnerable Configurations
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pulpproject:pulp:2.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:pulpproject:pulp:2.8.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 23-02-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
non_vulnerable_configuration via4
    redhat via4
    advisories
    rhsa
    id RHSA-2018:0336
    refmap via4
    confirm
    fedora FEDORA-2016-4373f7d32a
    misc
    vulnerable_product via4
    • cpe:2.3:a:pulpproject:pulp:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pulpproject:pulp:2.8.4:*:*:*:*:*:*:*
    Last major update 23-02-2018 - 02:29
    Published 13-06-2017 - 17:29
    Back to Top