Vulnerabilities > Pulpproject

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-7143 Insecure Inherited Permissions vulnerability in Pulpproject Pulp
A flaw was found in the Pulp package.
network
low complexity
pulpproject CWE-277
8.3
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
2018-08-15 CVE-2018-10917 Path Traversal vulnerability in Pulpproject Pulp
pulp 2.16.x and possibly older is vulnerable to an improper path parsing.
network
low complexity
pulpproject CWE-22
6.5
2018-06-18 CVE-2018-1090 Information Exposure vulnerability in multiple products
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer.
network
low complexity
pulpproject fedoraproject redhat CWE-200
7.5
2017-10-18 CVE-2015-5164 Deserialization of Untrusted Data vulnerability in Pulpproject Qpid
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
network
low complexity
pulpproject CWE-502
7.2
2017-09-25 CVE-2015-5263 Improper Certificate Validation vulnerability in Pulpproject Pulp
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
network
high complexity
pulpproject CWE-295
8.1
2017-06-13 CVE-2016-3704 Credentials Management vulnerability in multiple products
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
network
low complexity
fedoraproject pulpproject CWE-255
7.5
2017-06-13 CVE-2016-3696 Information Exposure vulnerability in multiple products
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
local
low complexity
fedoraproject pulpproject CWE-200
5.5
2017-06-08 CVE-2016-3095 Information Exposure vulnerability in multiple products
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
local
low complexity
fedoraproject pulpproject CWE-200
5.5
2017-06-08 CVE-2016-3112 Improper Access Control vulnerability in Pulpproject Pulp
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user.
network
low complexity
pulpproject CWE-284
7.5