The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink at…
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
https://cwe.mitre.org/data/definitions/377.html →Open in CWE collection →The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
https://cwe.mitre.org/data/definitions/59.html →Open in CWE collection →An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
https://capec.mitre.org/data/definitions/17.html →Open in CAPEC collection →An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
https://capec.mitre.org/data/definitions/35.html →Open in CAPEC collection →An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
https://capec.mitre.org/data/definitions/76.html →Open in CAPEC collection →An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
https://capec.mitre.org/data/definitions/132.html →Open in CAPEC collection →An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
https://capec.mitre.org/data/definitions/149.html →Open in CAPEC collection →An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.
https://capec.mitre.org/data/definitions/155.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| candlepin | Tracked | |
| candlepin | Tracked | |
| candlepin | Tracked | |
| candlepin | Tracked | |
| foreman | Tracked | |
| foreman | Tracked | |
| foreman | Tracked | |
| foreman | Tracked | |
| foreman-installer | Tracked | |
| foreman-installer | Tracked | |
| foreman-installer | Tracked | |
| foreman-installer | Tracked | |
| foreman-proxy | Tracked | |
| foreman-proxy | Tracked | |
| foreman-proxy | Tracked | |
| foreman-proxy | Tracked | |
| foreman-selinux | Tracked | |
| foreman-selinux | Tracked | |
| foreman-selinux | Tracked | |
| foreman-selinux | Tracked |