Unrated severityNVD Advisory· Published Mar 1, 2013· Updated Apr 29, 2026

CVE-2012-6116

Description

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

Affected products

Theforeman/Katello
cpe:2.3:a:katello:katello:-:*:*:*:*:*:*:*
Theforeman/Katello Configure
cpe:2.3:a:katello:katello-configure:*:*:*:*:*:*:*:*
Range: <=1.3.2_pulpv2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0547.htmlnvd
rhn.redhat.com/errata/RHSA-2013-0686.htmlnvd
secunia.com/advisories/52774nvd
github.com/Katello/katello/commits/master/katello-configure/katello-configure.specnvd
github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0dnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000