{"alias":[],"description":"pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.","epss":{"percentile":"0.14737","score":"0.000480"},"id":"CVE-2016-3111","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"LOCAL","authentication":"NONE","availability_impact":"NONE","base_score":2.1,"base_severity":"LOW","confidentiality_impact":"PARTIAL","exploitability_score":3.9,"impact_score":2.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:L\/AC:L\/Au:N\/C:P\/I:N\/A:N","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"LOCAL","availability_impact":"NONE","base_score":5.5,"base_severity":"MEDIUM","confidentiality_impact":"HIGH","exploitability_score":1.8,"impact_score":3.6,"integrity_impact":"NONE","privileges_required":"LOW","scope":"UNCHANGED","user_interaction":"NONE","vector_string":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","version":"3.0"}},"modified":"2025-04-20T01:37:25","nvd_status":"Deferred","published":"2017-06-08T18:29:00","score":5.5,"severity":"MEDIUM","source":"secalert@redhat.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-200","name":"Exposure of Sensitive Information to an Unauthorized Actor","type":"weakness"}]}