Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pulp
(Pulpproject)| Repositories | https://github.com/pulp/pulp |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-07 | CVE-2024-7143 | A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task... | Pulp | 8.3 | ||
| 2017-06-08 | CVE-2016-3107 | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | Pulp | 5.5 | ||
| 2017-06-08 | CVE-2016-3108 | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | Pulp | 7.1 |