High severity7.5OSV Advisory· Published Jun 13, 2017· Updated Jun 17, 2026
CVE-2016-3704
CVE-2016-3704
Description
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4build-0.0.332, build-0.0.333, build-0.0.334, …+ 2 more
- (no CPE)range: build-0.0.332, build-0.0.333, build-0.0.334, …
- cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*range: <=2.8.4
- (no CPE)range: <2.8.5
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
- github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfgnvdIssue TrackingPatchThird Party Advisory
- github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfgnvdIssue TrackingPatchThird Party Advisory
- pulp.plan.io/issues/1858nvdIssue TrackingPatchVendor Advisory
- docs.pulpproject.org/user-guide/release-notes/2.8.x.htmlnvdPermissions Required
- access.redhat.com/errata/RHSA-2018:0336nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY/nvd
News mentions
0No linked articles in our index yet.