Known Vulnerabilities for products from Pulpproject
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Pulpproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-3644 json | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in... | 5.5 - MEDIUM | 2022-10-25 | 2022-10-28 |
| CVE-2018-10917 json | pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository... | 6.5 - MEDIUM | 2018-08-15 | 2023-02-12 |
| CVE-2018-1090 json | In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all... | 7.5 - HIGH | 2018-06-18 | 2019-10-09 |
| CVE-2016-3704 json | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | 7.5 - HIGH | 2017-06-13 | 2023-02-12 |
| CVE-2016-3696 json | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | 5.5 - MEDIUM | 2017-06-13 | 2023-02-13 |
| CVE-2016-3112 json | client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-... | 7.5 - HIGH | 2017-06-08 | 2023-02-13 |
| CVE-2016-3111 json | pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp s... | 5.5 - MEDIUM | 2017-06-08 | 2023-02-13 |
| CVE-2016-3108 json | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files vi... | 7.1 - HIGH | 2017-06-08 | 2023-02-12 |
| CVE-2016-3107 json | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/p... | 5.5 - MEDIUM | 2017-06-08 | 2023-02-12 |
| CVE-2016-3106 json | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | 5.3 - MEDIUM | 2017-04-13 | 2017-04-26 |
| CVE-2016-3095 json | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | 5.5 - MEDIUM | 2017-06-08 | 2017-06-15 |
| CVE-2015-5263 json | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's ... | 8.1 - HIGH | 2017-09-25 | 2017-10-05 |
| CVE-2015-5164 json | The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with... | 7.2 - HIGH | 2017-10-18 | 2017-11-08 |
| CVE-2013-7450 json | Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | 7.5 - HIGH | 2017-04-03 | 2017-04-26 |
Known software with vulnerabilities from Pulpproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pulpproject | Pulp | 2.10.0 |