Vulnerabilities > Pulpproject > Pulp > 2.8.3

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-10917 Path Traversal vulnerability in Pulpproject Pulp
pulp 2.16.x and possibly older is vulnerable to an improper path parsing.
network
low complexity
pulpproject CWE-22
6.5
6.5
2018-06-18 CVE-2018-1090 Information Exposure vulnerability in multiple products
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer.
network
low complexity
pulpproject fedoraproject redhat CWE-200
5.0
5.0
2017-06-13 CVE-2016-3704 Credentials Management vulnerability in multiple products
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
network
low complexity
fedoraproject pulpproject CWE-255
7.5
7.5
2017-06-13 CVE-2016-3696 Information Exposure vulnerability in multiple products
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
local
low complexity
fedoraproject pulpproject CWE-200
5.5
5.5