Medium severity5.5NVD Advisory· Published Jun 8, 2017· Updated May 13, 2026

CVE-2016-3111

Description

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.

Affected products

Pulpproject/Pulp
cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*
Range: <=2.8.2-1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.specnvdIssue TrackingPatchThird Party Advisory
pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.specnvdIssue TrackingPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
github.com/pulp/pulp/blob/master/pulp.specnvdIssue TrackingPatchThird Party Advisory
github.com/pulp/pulp/blob/master/pulp.specnvdIssue TrackingPatchThird Party Advisory
pulp.plan.io/issues/1837nvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2016/05/20/1nvdMailing ListThird Party Advisory
bugzilla.redhat.com/attachment.cginvdIssue Tracking
access.redhat.com/errata/RHBA-2016:1501nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000