Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:pulpproject:pulp:2.8.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-10917 |
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories. Published: August 15, 2018; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1090 |
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. Published: June 18, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-3704 |
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. Published: June 13, 2017; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-3696 |
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. Published: June 13, 2017; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |