Search criteria
3 vulnerabilities found for katello-configure by katello
FKIE_CVE-2012-6116
Vulnerability from fkie_nvd - Published: 2013-03-01 05:40 - Updated: 2025-04-11 00:51
Severity ?
Summary
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| katello | katello | - | |
| katello | katello-configure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:katello:katello:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B029A7B4-A3BE-4AC8-A6D0-C8FC2552492D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:katello:katello-configure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46FF535-5CF9-4030-B586-FC99BFC114E4",
"versionEndIncluding": "1.3.2_pulpv2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file."
},
{
"lang": "es",
"value": "modules/certs/manifests/config.pp en katello-configure antes de v1.3.3.pulpv2 en Katello usa permisos d\u00e9biles (666) para el Candlepin bootstrap RPM, que permite a usuarios locales modificar el certificado CA Candlepin escribiendo en este fichero."
}
],
"id": "CVE-2012-6116",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-01T05:40:16.910",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/52774"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/52774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-6116 (GCVE-0-2012-6116)
Vulnerability from cvelistv5 – Published: 2013-03-01 02:00 – Updated: 2024-08-06 21:28
VLAI?
Summary
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"name": "52774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"name": "RHSA-2013:0547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"name": "RHSA-2013:0686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-04T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"name": "52774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"name": "RHSA-2013:0547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"name": "RHSA-2013:0686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6116",
"datePublished": "2013-03-01T02:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6116 (GCVE-0-2012-6116)
Vulnerability from nvd – Published: 2013-03-01 02:00 – Updated: 2024-08-06 21:28
VLAI?
Summary
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"name": "52774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"name": "RHSA-2013:0547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"name": "RHSA-2013:0686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-04T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
},
{
"name": "52774",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"name": "RHSA-2013:0547",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"name": "RHSA-2013:0686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6116",
"datePublished": "2013-03-01T02:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}