CVE-2013-4455

Katello Installer < 0.0.18 - Unauthenticated Private Key Exposure via World-Readable Permissions

Title source: llm
STIX 2.1

Description

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Scores

EPSS 0.0046
EPSS Percentile 36.5%

Details

CWE
CWE-264
Status published
Products (17)
katello/katello_installer 0.0.1
katello/katello_installer 0.0.2
katello/katello_installer 0.0.3
katello/katello_installer 0.0.4
katello/katello_installer 0.0.5
katello/katello_installer 0.0.6
katello/katello_installer 0.0.7
katello/katello_installer 0.0.8
katello/katello_installer 0.0.9
katello/katello_installer 0.0.10
... and 7 more
Published May 14, 2014
Tracked Since Feb 18, 2026