PT-2014-2796 · Red Hat · Katello Installer
Dominic Cleal +1
Published: 2014-05-14 · Updated: 2014-05-15
CVE-2013-4455
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Katello Installer versions prior to 0.0.18
Description
When deploying a child Pulp node, Katello Installer uses world-readable permissions for /etc/pki/tls/private/katello-node.key, which allows local users to obtain the private key by reading the file.
Recommendations
Update Katello Installer to version 0.0.18 or later to resolve the issue. As a temporary workaround until the update is applied, consider changing the permissions of the /etc/pki/tls/private/katello-node.key file to restrict access.
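An added example, not part of the original advisory or of the Katello project's code: a POSIX shell check for the workaround above that reports whether a key file grants any group or other access and, with --fix, removes it. The function names, the --fix flag and the choice to strip all group and other access are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Katello code): audit a private key file's permissions.
# Default path is the one named in the advisory; everything else is assumed.
KEY_DEFAULT=/etc/pki/tls/private/katello-node.key

# key_exposed FILE: succeeds when group or other hold any permission bit.
# Uses only POSIX find predicates, so it behaves the same with GNU and BSD tools.
key_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# audit_key [FILE] [--fix]
# Returns 0 if the key is owner-only (or was fixed), 1 if exposed, 2 if unusable.
audit_key() {
    key=${1:-$KEY_DEFAULT}
    # A symlink's own mode is meaningless; require the real file to be named.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "SKIP $key: not a regular file" >&2
        return 2
    fi
    if ! key_exposed "$key"; then
        echo "OK $key"
        return 0
    fi
    if [ "${2:-}" = "--fix" ]; then
        # Assumption: the service reads the key as the file's owner.
        chmod go-rwx "$key" || return 2
        echo "FIXED $key"
        return 0
    fi
    echo "EXPOSED $key: accessible beyond its owner"
    return 1
}

# Run only when arguments are given, e.g.:
#   sh audit_key.sh /etc/pki/tls/private/katello-node.key --fix
if [ $# -gt 0 ]; then
    audit_key "$@"
fi
```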
Affected Products
Katello Installer