CVE-2016-3106

Published on: 04/13/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Certain versions of Pulp from Pulpproject contain the following vulnerability:

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.

  • CVE-2016-3106 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.3 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED LOW NONE NONE

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
oss-security - CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users Mailing List
Patch
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160418 CVE-2013-7450: Pulp < 2.3.0 distributed the same CA key to all users
1324926 – (CVE-2016-3106) CVE-2016-3106 pulp: Insecure creation of temporary directory when generating new CA key Issue Tracking
Patch
bugzilla.redhat.com
text/html
URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1324926
oss-security - Pulp 2.8.3 Released to address multiple CVEs Mailing List
Patch
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs
Issue #1827: CVE-2016-3106: Insecure creation of temporary directory when generating new CA key - Pulp Issue Tracking
Patch
Third Party Advisory
pulp.plan.io
text/html
URL Logo CONFIRM pulp.plan.io/issues/1827

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationPulpprojectPulp2.8.2-1AllAllAll
ApplicationPulpprojectPulp2.8.2-1AllAllAll
  • cpe:2.3:a:pulpproject:pulp:2.8.2-1:*:*:*:*:*:*:*:
  • cpe:2.3:a:pulpproject:pulp:2.8.2-1:*:*:*:*:*:*:*: