Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pulp Security Vulnerabilities

cve
cve

CVE-2018-10917

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso...

6.5CVSS

6.6AI Score

0.001EPSS

2018-08-15 05:29 PM
37
cve
cve

CVE-2018-1090

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these...

7.5CVSS

7.3AI Score

0.002EPSS

2018-06-18 02:29 PM
29
cve
cve

CVE-2015-5263

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon...

8.1CVSS

7.4AI Score

0.003EPSS

2017-09-25 09:29 PM
20
cve
cve

CVE-2015-5153

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same...

8.8CVSS

7.4AI Score

0.001EPSS

2017-08-18 06:29 PM
21
cve
cve

CVE-2016-3704

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate...

7.5CVSS

7.3AI Score

0.003EPSS

2017-06-13 05:29 PM
29
cve
cve

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA...

5.5CVSS

5.9AI Score

0.0004EPSS

2017-06-13 04:29 PM
30
cve
cve

CVE-2016-3095

server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private...

5.5CVSS

5.2AI Score

0.0004EPSS

2017-06-08 07:29 PM
16
cve
cve

CVE-2016-3108

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink...

7.1CVSS

6.7AI Score

0.0004EPSS

2017-06-08 06:29 PM
19
cve
cve

CVE-2016-3111

pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via...

5.5CVSS

5.1AI Score

0.0004EPSS

2017-06-08 06:29 PM
27
cve
cve

CVE-2016-3112

client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and...

7.5CVSS

7.3AI Score

0.004EPSS

2017-06-08 06:29 PM
28
cve
cve

CVE-2016-3107

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive...

5.5CVSS

5.5AI Score

0.0004EPSS

2017-06-08 06:29 PM
20
cve
cve

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure...

5.3CVSS

5.3AI Score

0.001EPSS

2017-04-13 02:59 PM
21
4
cve
cve

CVE-2013-7450

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all...

7.5CVSS

7.4AI Score

0.002EPSS

2017-04-03 03:59 PM
19
4