CVE-2013-4455
Katello Installer < 0.0.18 - Unauthenticated Private Key Exposure via World-Readable Permissions
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
References (2)
Core References
Issue Tracking (x_refsource_misc): https://bugzilla.redhat.com/show_bug.cgi?id=1021784
Exploit, Patch (x_refsource_confirm): https://github.com/Katello/katello-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e
Scores
EPSS: 0.0046
EPSS Percentile: 36.5%
Details
CWE: CWE-264
Status: published
Products (17)
katello/katello_installer 0.0.1
katello/katello_installer 0.0.2
katello/katello_installer 0.0.3
katello/katello_installer 0.0.4
katello/katello_installer 0.0.5
katello/katello_installer 0.0.6
katello/katello_installer 0.0.7
katello/katello_installer 0.0.8
katello/katello_installer 0.0.9
katello/katello_installer 0.0.10
... and 7 more
Published: May 14, 2014
Tracked Since: Feb 18, 2026