CVE-2012-6116

katello-configure < 1.3.3.pulpv2 - Unauthenticated Arbitrary File Write via Weak Candlepin Bootstrap RPM Permissions

Description

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

References (5)

Third Party Advisory (Secunia)
http://secunia.com/advisories/52774
Vendor Advisory (Red Hat)
http://rhn.redhat.com/errata/RHSA-2013-0547.html
Vendor Advisory (Red Hat)
http://rhn.redhat.com/errata/RHSA-2013-0686.html

Scores

EPSS 0.0023
EPSS Percentile 13.6%

Details

CWE CWE-264
Status published
Products (2)
katello/katello
katello/katello-configure < 1.3.2_pulpv2
Published Mar 01, 2013
Tracked Since Feb 18, 2026