
CVE-2018-10917

Published: 15/08/2018 Updated: 12/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to the overwriting of published content on other iso repositories.

Vulnerable Product

pulpproject pulp 2.16.2

pulpproject pulp 2.16.1

pulpproject pulp 2.16.4

pulpproject pulp

Vendor Advisories

Synopsis: Moderate: Satellite 6.5 Release. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Satellite 6.5 for RHEL 7 is now available, containing security fixes, bug fixes, and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Sco ...

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver ...