CVE-2012-6116

Published Mar 1, 2013

Last updated 12 years ago

Overview

Description: modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:katello:katello:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B029A7B4-A3BE-4AC8-A6D0-C8FC2552492D"
          },
          {
            "criteria": "cpe:2.3:a:katello:katello-configure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B46FF535-5CF9-4030-B586-FC99BFC114E4",
            "versionEndIncluding": "1.3.2_pulpv2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References