Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10917 | 1 Pulpproject | 1 Pulp | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories. | |||||
| CVE-2016-3696 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2018-02-23 | 2.1 LOW | 5.5 MEDIUM |
| The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. | |||||
| CVE-2016-3107 | 1 Pulpproject | 1 Pulp | 2018-01-05 | 2.1 LOW | 5.5 MEDIUM |
| The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | |||||
| CVE-2016-3111 | 1 Pulpproject | 1 Pulp | 2018-01-05 | 2.1 LOW | 5.5 MEDIUM |
| pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running. | |||||
| CVE-2016-3095 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2017-06-15 | 2.1 LOW | 5.5 MEDIUM |
| server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | |||||
| CVE-2016-3106 | 1 Pulpproject | 1 Pulp | 2017-04-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | |||||