CVE-2018-10917 – pulp: Improper path parsing leads to overwriting of iso repositories
https://notcve.org/view.php?id=CVE-2018-10917
pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to the overwriting of published content on other iso repositories.
References:
https://access.redhat.com/errata/RHSA-2019:1222
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917
https://access.redhat.com/security/cve/CVE-2018-10917
https://bugzilla.redhat.com/show_bug.cgi?id=1598928
Weakness:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1090 – pulp: sensitive credentials revealed through the API
https://notcve.org/view.php?id=CVE-2018-1090
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. In pulp, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer.
References:
https://access.redhat.com/errata/RHSA-2018:2927
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1090
https://pulp.plan.io/issues/3521
https://access.redhat.com/security/cve/CVE-2018-1090
https://bugzilla.redhat.com/show_bug.cgi?id=1560035
Weakness:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-3704 – pulp: Unsafe use of bash $RANDOM for NSS DB password and seed
https://notcve.org/view.php?id=CVE-2016-3704
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. Pulp makes unsafe use of Bash's $RANDOM to generate an NSS DB password and seed, resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources.
References:
https://access.redhat.com/errata/RHSA-2018:0336
https://bugzilla.redhat.com/show_bug.cgi?id=1330264
https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5
https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L25
https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L97-L105
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY
https:
Weakness:
CWE-255: Credentials Management Errors
CWE-330: Use of Insufficiently Random Values
CVE-2016-3696 – pulp: Leakage of CA key in pulp-qpid-ssl-cfg
https://notcve.org/view.php?id=CVE-2016-3696
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. It was found that the private CA key was created in a directory that is world-readable for a short time. A local user could possibly use this flaw to gain access to the private key information in the file.
References:
https://access.redhat.com/errata/RHSA-2018:0336
https://bugzilla.redhat.com/show_bug.cgi?id=1328930
https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY
https://pulp.plan.io/issues/1854
https://access.redhat.com/security/cve/CVE-2016-3696
Weakness:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2016-3108
https://notcve.org/view.php?id=CVE-2016-3108
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
References:
http://www.openwall.com/lists/oss-security/2016/05/20/1
https://access.redhat.com/errata/RHBA-2016:1501
https://bugzilla.redhat.com/attachment.cgi?id=1146475
https://bugzilla.redhat.com/show_bug.cgi?id=1325934
https://github.com/pulp/pulp/pull/2528
https://pulp.plan.io/issues/1830
Weakness:
CWE-59: Improper Link Resolution Before File Access ('Link Following')