CVE-2012-5561
Katello 1.1 - Unauthorized Exposure of Sensitive Information via World-Readable Passphrase File
Title source: llmDescription
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://github.com/Katello/katello/pull/1349
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0547.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=879094
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0544.html
Scores
EPSS
0.0034
EPSS Percentile
25.9%
Details
CWE
CWE-200
Status
published
Products (1)
katello/katello
1.1
Published
Mar 01, 2013
Tracked Since
Feb 18, 2026