CVE-2016-3696

MEDIUM

Pulp <2.8.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0336
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1328930
Issue Tracking, Vendor Advisory x_refsource_confirm
https://pulp.plan.io/issues/1854

Scores

CVSS v3 5.5
EPSS 0.0035
EPSS Percentile 27.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
fedoraproject/fedora 24
pulpproject/pulp < 2.8.4
Published Jun 13, 2017
Tracked Since Feb 18, 2026