Katello Configure
Monthly
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.