CVE-2016-3108

CVE-2016-3108

EPSS 0.3%

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHBA-2016:1501 https://bugzilla.redhat.com/attachment.cgi?id=1146475 https://bugzilla.redhat.com/show_bug.cgi?id=1325934 https://github.com/pulp/pulp/pull/2528 https://pulp.plan.io/issues/1830 http://www.openwall.com/lists/oss-security/2016/05/20/1