script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
katello katello 1.1 |