modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Katello | Katello | - (including) | - (including) |
Katello-configure | Katello | * | 1.3.2_pulpv2 (including) |