Known Vulnerabilities for products from Pulpproject
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Pulpproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-10917 | pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository... | 6.5 - MEDIUM | 2018-08-15 | 2023-02-12 |
| CVE-2018-1090 | In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all... | 7.5 - HIGH | 2018-06-18 | 2019-10-09 |
| CVE-2016-3704 | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | 7.5 - HIGH | 2017-06-13 | 2023-02-12 |
| CVE-2016-3696 | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | 5.5 - MEDIUM | 2017-06-13 | 2023-02-13 |
| CVE-2016-3112 | client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-... | 7.5 - HIGH | 2017-06-08 | 2023-02-13 |
| CVE-2016-3111 | pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp s... | 5.5 - MEDIUM | 2017-06-08 | 2023-02-13 |
| CVE-2016-3108 | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files vi... | 7.1 - HIGH | 2017-06-08 | 2023-02-12 |
| CVE-2016-3107 | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/p... | 5.5 - MEDIUM | 2017-06-08 | 2023-02-12 |
| CVE-2016-3106 | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | 5.3 - MEDIUM | 2017-04-13 | 2017-04-26 |
| CVE-2016-3095 | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | 5.5 - MEDIUM | 2017-06-08 | 2017-06-15 |
| CVE-2015-5263 | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's ... | 8.1 - HIGH | 2017-09-25 | 2017-10-05 |
| CVE-2015-5164 | The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with... | 7.2 - HIGH | 2017-10-18 | 2017-11-08 |
| CVE-2013-7450 | Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | 7.5 - HIGH | 2017-04-03 | 2017-04-26 |
Known software with vulnerabilities from Pulpproject
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pulpproject | Pulp | 2.2.1-1 |