PT-2017-8340 · Pulp · Pulp

Jeremy Cline · Published 2017-06-08 · Updated 2023-02-13 · CVE-2016-3111

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pulp version 2.8.3

Description

The issue arises during the installation process of Pulp, where the pulp.spec generates RSA key pairs in a world-readable directory before modifying the permissions. This might allow local users to read the generated RSA keys by accessing the key files while the installation is in progress.

Recommendations

For Pulp version 2.8.3, consider restricting access to the directory where the RSA key pairs are generated during the installation process to prevent local users from reading the keys. As a temporary workaround, monitor the installation process closely to minimize the time the key files are exposed.
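
The ordering problem described above, next to a corrected ordering, as an added example that is not Pulp's packaging code. The directory layout, the file name `rsa.key`, the function names and the placeholder `write_key` generator are assumptions; each function prints the mode the key file had at the moment it was created.

```shell
#!/bin/sh
# Added illustration; paths, names and the stand-in generator are hypothetical.

# Stand-in for the real key generator. Plain redirection is used so the
# file's initial mode is decided by the umask, as with any tool that does
# not set a mode itself. The content is a constructed placeholder.
write_key() { printf 'CONSTRUCTED PLACEHOLDER KEY\n' > "$1"; }

# Octal permission bits of a path (GNU/busybox stat syntax).
mode_of() { stat -c '%a' "$1"; }

# Ordering from the description: create first, restrict afterwards.
# Prints the mode the key had in the window before chmod ran.
racy_generate() {
    (
        umask 022                       # common default for install scripts
        mkdir -p "$1" && write_key "$1/rsa.key"
        mode_of "$1/rsa.key"            # 644 here: any local user can read it
        chmod 600 "$1/rsa.key"          # too late to close the window
    )
}

# Corrected ordering: the restrictive umask and a 0700 directory are in
# place before the first key byte is written, so no window exists.
safe_generate() {
    (
        umask 077
        mkdir -p "$1" && chmod 700 "$1" # also tightens a pre-existing directory
        write_key "$1/rsa.key"
        mode_of "$1/rsa.key"            # 600 from the moment of creation
    )
}
```

Both functions end with the same final file mode, which is why checking permissions after installation does not reveal the problem; only the mode at creation time differs.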

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2016-3111

Affected Products: Pulp