Known Vulnerabilities for products from Pulpproject
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Pulpproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-3644 json | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in... | 5.5 - MEDIUM | 2022-10-25 | 2022-10-28 |
| CVE-2018-10917 json | pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository... | 6.5 - MEDIUM | 2018-08-15 | 2023-02-12 |
| CVE-2018-1090 json | In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all... | 7.5 - HIGH | 2018-06-18 | 2019-10-09 |
| CVE-2016-3704 json | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | Not Provided | 2017-06-13 | 2025-04-20 |
| CVE-2016-3696 json | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | Not Provided | 2017-06-13 | 2025-04-20 |
| CVE-2016-3112 json | client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-... | Not Provided | 2017-06-08 | 2025-04-20 |
| CVE-2016-3111 json | pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp s... | Not Provided | 2017-06-08 | 2025-04-20 |
| CVE-2016-3108 json | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files vi... | Not Provided | 2017-06-08 | 2025-04-20 |
| CVE-2016-3107 json | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/p... | Not Provided | 2017-06-08 | 2025-04-20 |
| CVE-2016-3106 json | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | Not Provided | 2017-04-13 | 2025-04-20 |
| CVE-2016-3095 json | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | Not Provided | 2017-06-08 | 2025-04-20 |
| CVE-2015-5263 json | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's ... | 8.1 - HIGH | 2017-09-25 | 2017-10-05 |
| CVE-2015-5164 json | The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with... | Not Provided | 2017-10-18 | 2025-04-20 |
| CVE-2013-7450 json | Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | Not Provided | 2017-04-03 | 2025-04-20 |
Known software with vulnerabilities from Pulpproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pulpproject | Pulp | 2.10.0 |