World-readable permissions for private key file in Katello Installer

World-readable permissions for private key file in Katello Installer

CVE-2013-4455 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Learn more about our User Device Pen Test.