CVE-2016-3107

Name of the Vulnerable Software and Affected Versions Pulp versions prior to 2.8.3

Description The issue concerns a world-readable file containing the private key for the Node certificate, stored in the "/etc/pki/pulp/nodes/" directory. This allows local users to access sensitive data, potentially gaining access to the private key information.

Recommendations For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/etc/pki/pulp/nodes/" directory to minimize the risk of exploitation.