CVE-2012-5561

Katello 1.1 - Unauthorized Exposure of Sensitive Information via World-Readable Passphrase File

Title source: llm
STIX 2.1

Description

script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.

References (4)

Core 4
Core References
Issue Tracking x_refsource_confirm
https://github.com/Katello/katello/pull/1349
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0547.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=879094
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0544.html

Scores

EPSS 0.0034
EPSS Percentile 25.9%

Details

CWE
CWE-200
Status published
Products (1)
katello/katello 1.1
Published Mar 01, 2013
Tracked Since Feb 18, 2026