CVE-2016-3095Sensitive Information Exposure in Pulp

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pulpproject PulpFedoraproject Fedora
Timeline
PublishedJun 8
Latest updateMay 17

Description

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDpulpproject/pulp2.8.1

Also affects: Fedora 24

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-rgm2-v748-933h: server/bin/pulp-gen-ca-certificate in Pulp before 22022-05-17
CVEList
CVE-2016-3095: server/bin/pulp-gen-ca-certificate in Pulp before 22017-06-08

📋Vendor Advisories

1
Red Hat
pulp: Potential leakage when generating new CA key in /tmp2016-03-31

💬Community

2
Bugzilla
CVE-2016-3106 pulp: Insecure creation of temporary directory when generating new CA key2016-04-07
Bugzilla
CVE-2016-3095 pulp: Potential leakage when generating new CA key in /tmp2016-03-31
CVE-2016-3095 — Sensitive Information Exposure in Pulp | cvebase