Vulnerability Description
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVSS Score
5.5
MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 24 |
| Pulpproject | Pulp | <= 2.8.4 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:0336
- https://bugzilla.redhat.com/show_bug.cgi?id=1328930Issue Tracking
- https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5Permissions Required
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://pulp.plan.io/issues/1854Issue TrackingVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:0336
- https://bugzilla.redhat.com/show_bug.cgi?id=1328930Issue Tracking
- https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5Permissions Required
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://pulp.plan.io/issues/1854Issue TrackingVendor Advisory
FAQ
What is CVE-2016-3696?
CVE-2016-3696 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
How severe is CVE-2016-3696?
CVE-2016-3696 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3696?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Pulpproject Pulp.