Description
pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.
References
- Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
Version up to 2.16.0 (inclusive)
One of
cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*
cpe:2.3:a:pulpproject:pulp:2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:pulpproject:pulp:2.16.2:*:*:*:*:*:*:*
cpe:2.3:a:pulpproject:pulp:2.16.4:*:*:*:*:*:*:*
EPSS
Percentile: 50%
0.00271
Low
6.8 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 6.8
redhat
more than 7 years ago
pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.