Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Published: 2013-01-04
Updated: 2017-08-29
Summary
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
Vulnerable Configurations
| Part | Description | Count |
| Application | Redhat | 1 |
Common Weakness Enumeration (CWE)
Redhat
| advisories | |
| rpms | - candlepin-0:0.7.8.1-1.el6cf
- candlepin-devel-0:0.7.8.1-1.el6cf
- candlepin-selinux-0:0.7.8.1-1.el6cf
- candlepin-tomcat6-0:0.7.8.1-1.el6cf
- gofer-0:0.66.1-2.el5
- gofer-0:0.66.1-2.el6cf
- gofer-package-0:0.66.1-2.el5
- gofer-package-0:0.66.1-2.el6cf
- gofer-watchdog-0:0.66.1-2.el5
- gofer-watchdog-0:0.66.1-2.el6cf
- grinder-0:0.0.150-1.el6cf
- katello-0:1.1.12-22.el6cf
- katello-agent-0:1.1.2-1.el5
- katello-agent-0:1.1.2-1.el6cf
- katello-all-0:1.1.12-22.el6cf
- katello-api-docs-0:1.1.12-22.el6cf
- katello-certs-tools-0:1.1.8-1.el6cf
- katello-cli-0:1.1.8-12.el6cf
- katello-cli-common-0:1.1.8-12.el6cf
- katello-cli-tests-0:1.1.5-2.el6cf
- katello-common-0:1.1.12-22.el6cf
- katello-configure-0:1.1.9-12.el6cf
- katello-glue-candlepin-0:1.1.12-22.el6cf
- katello-glue-pulp-0:1.1.12-22.el6cf
- katello-selinux-0:1.1.1-2.el6cf
- pulp-0:1.1.14-1.el6cf
- pulp-admin-0:1.1.14-1.el6cf
- pulp-client-lib-0:1.1.14-1.el6cf
- pulp-common-0:1.1.14-1.el6cf
- pulp-consumer-0:1.1.14-1.el6cf
- pulp-selinux-server-0:1.1.14-1.el6cf
- python-gofer-0:0.66.1-2.el5
- python-gofer-0:0.66.1-2.el6cf
- quartz-0:2.1.5-4.el6cf
- rubygem-apipie-rails-0:0.0.11-3.el6cf
|