Description
Withdrawn Advisory: Pulp Improper Path Parsing
Withdrawn Advisory
This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem.
Original Description
Pulp 2.16.x and possibly older versions are vulnerable to improper path parsing. A malicious user or a malicious ISO feed repository can write to locations accessible to the 'apache' user. This may lead to published content on other ISO repositories being overwritten.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-10917
- https://access.redhat.com/errata/RHEA-2019:1283
- https://access.redhat.com/errata/RHSA-2019:1222
- https://access.redhat.com/security/cve/CVE-2018-10917
- https://bugzilla.redhat.com/show_bug.cgi?id=1598928
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917
Packages
pulpcore
<= 2.16
None
Related vulnerabilities
Pulp 2.16.x and possibly older versions are vulnerable to improper path parsing. A malicious user or a malicious ISO feed repository can write to locations accessible to the 'apache' user. This may lead to published content on other ISO repositories being overwritten.