CVE-2015-5153

Опубликовано: 18 авг. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1243526
Issue Tracking
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1243526
Issue Tracking
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pulp_project:pulp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00428

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-275

Связанные уязвимости

CVE-2015-5153

redhat

больше 10 лет назад

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.

GHSA-gf89-385c-hq37

CVSS3: 8.8

github

больше 3 лет назад

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.

EPSS

Процентиль: 62%

0.00428

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-275