World-readable permissions for private key file in Katello Installer
CVE-2013-4455 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
Learn more about our User Device Pen Test.