It was found that spec file generating RSA keys, used for authenticating messages between server and consumers, as post installation step does this in world-readable directories for a brief moment.
Name: Jeremy Cline (Red Hat)
The Fedora spec file is also vulnerable in this way:
Additionally, the Fedora spec file fails to protect the key but that is reported in a separate issue:
Created attachment 1146522 [details]
This issue has been addressed in the following products:
Red Hat Satellite 6.2