Description
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
References (5)
Core 5
Core References
Permissions Required x_refsource_confirm
https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0336
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1328930
Issue Tracking, Vendor Advisory x_refsource_confirm
https://pulp.plan.io/issues/1854
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/
Scores
CVSS v3
5.5
EPSS
0.0035
EPSS Percentile
27.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
fedoraproject/fedora
24
pulpproject/pulp
< 2.8.4
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026