Scaner-VS
CVE-2013-4455
CVE
Medium

CVSS: 6.1 (Medium)
EPSS: 0.00 · p36
Published: 2013-01-01
Updated: 2013-01-01
Description

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Tags · CWE
LPE
CWE-264
CWE-732
CAPEC-1
CAPEC-17
CAPEC-60
CAPEC-61
CAPEC-62
CAPEC-122
CAPEC-127
CAPEC-180
CAPEC-206
CAPEC-234
CAPEC-642
Affected products
Katello_installer ≤ 0.0.17
Katello_installer
CVSS vector
AV:L/AC:L/Au:N/C:C/I:P/A:P
Timeline
2013-01-01: Published
2013-01-01: Updated
CVSS 3.1 breakdown
Attack Vector: AV:L, Local (L)
Attack Complexity: AC:L, Low (L)
Authentication: Au:N, None (N)
Confidentiality Impact: C:C, Complete
Integrity Impact: I:P, Partial
Availability Impact: A:P, Partial
Exploit indicators
EPSS
0.005 · p36
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-127 · CWE-732
└ via CAPEC-60 · CWE-732
└ via CAPEC-642 · CWE-732
└ via CAPEC-122 · CWE-732
└ via CAPEC-60 · CWE-732
└ via CAPEC-206 · CWE-732
└ via CAPEC-642 · CWE-732
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
katello_installer | * | Tracked
Source databases
CVE