CVE-2013-4455

Exploit

EPSS 0.04%
Published 14.05.2014 19:55:09
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Katello ≫ Katello Installer Version <= 0.0.17

Katello ≫ Katello Installer Version0.0.1

Katello ≫ Katello Installer Version0.0.2

Katello ≫ Katello Installer Version0.0.3

Katello ≫ Katello Installer Version0.0.4

Katello ≫ Katello Installer Version0.0.5

Katello ≫ Katello Installer Version0.0.6

Katello ≫ Katello Installer Version0.0.7

Katello ≫ Katello Installer Version0.0.8

Katello ≫ Katello Installer Version0.0.9

Katello ≫ Katello Installer Version0.0.10

Katello ≫ Katello Installer Version0.0.11

Katello ≫ Katello Installer Version0.0.12

Katello ≫ Katello Installer Version0.0.13

Katello ≫ Katello Installer Version0.0.14

Katello ≫ Katello Installer Version0.0.15

Katello ≫ Katello Installer Version0.0.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

https://bugzilla.redhat.com/show_bug.cgi?id=1021784

https://github.com/Katello/katello-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-4455

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4455

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4455

EUVD