Ivan Necas

1 exploit Active since May 2014
CVE-2013-4455 WRITEUP WRITEUP
Katello Installer < 0.0.18 - Unauthenticated Private Key Exposure via World-Readable Permissions
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.