Vulnerabilities > Pulpproject > Pulp > 2.8.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-10917 | Unspecified vulnerability in Pulpproject Pulp pulp 2.16.x and possibly older is vulnerable to an improper path parsing. | 6.5 |
| 2018-06-18 | CVE-2018-1090 | Information Exposure vulnerability in multiple products In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. | 7.5 |
| 2017-06-13 | CVE-2016-3704 | Credentials Management vulnerability in multiple products Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | 7.5 |
| 2017-06-13 | CVE-2016-3696 | Information Exposure vulnerability in multiple products The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | 5.5 |