Max CVSS 5.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-3112 5.0
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc
13-02-2023 - 04:50 08-06-2017 - 18:29
CVE-2016-3111 2.1
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow loca
13-02-2023 - 04:50 08-06-2017 - 18:29
CVE-2016-3107 2.1
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
12-02-2023 - 23:18 08-06-2017 - 18:29
CVE-2016-3108 3.6
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
12-02-2023 - 23:18 08-06-2017 - 18:29
CVE-2016-3106 5.0
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
26-04-2017 - 13:26 13-04-2017 - 14:59
CVE-2013-7450 5.0
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
26-04-2017 - 13:22 03-04-2017 - 15:59
Back to Top Mark selected
Back to Top