Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.
Privilege Escalation
Katello Installer
NVD
GitHub
CVSS 2.0
2.1
EPSS
0.0%