modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Vulnerable Product |
---|
katello katello - |
katello katello-configure |