Katello Installer < 0.0.18 - Unauthenticated Private Key Exposure via World-Readable Permissions
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.