193 matches found
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...
CVE-2022-3644
CVE-2022-3644 affects the collection remote for pulp_ansible, where tokens are stored in plaintext instead of pulp’s encrypted field and are exposed in read/write mode via the API rather than being write-only. This leads to potential disclosure of sensitive tokens (confidentiality impact per the ...
pulp_ansible security vulnerability
pulp_ansible is a Pulp open source plugin that supports hosting Role and Collection Ansible content. A security vulnerability exists in pulp_ansible that stems from storing tokens in plaintext instead of using Pulp's encrypted fields...
Moderate: Red Hat Security Advisory: Satellite 6.11 Release
An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...
Satellite 6.11 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...
Withdrawn Advisory: Pulp Improper Path Parsing
Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...
GHSA-574P-6FW4-4HW8 Withdrawn Advisory: Pulp Improper Path Parsing
Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...
RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...
Moderate: Red Hat Security Advisory: Satellite 6.10 Release
An update is now available for Red Hat Satellite 6.10 for RHEL 7. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: python-ecdsa...
Moderate: Red Hat Enhancement Advisory: RHUI 3.1 bug fix and enhancement update
Updated RHUI 3 packages that fix several bugs and various enhancements are now available. Red Hat Update Infrastructure RHUI is a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red...
pulp: Improper path parsing leads to overwriting of iso repositories
A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...
Information Disclosure
Pulp is vulnerable to information disclosure. An attacker with API access can view sensitive credentials when triggering a task via distributor/importer...
Directory Traversal
pulp is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations or overwrite published content on other iso feed repository caused by improper parsing of file paths...
Authentication Bypass
Red Hat Satellite is vulnerable to authentication bypass attacks. This is because Pulp's pulp-qpid-ssl-cfg script uses bash's $RANDOM in unsafe ways to generate an NSS DB password. An attacker could potentially guess the seed used given enough time and compute resources...
pulp: Improper path parsing leads to overwriting of iso repositories
A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...
RHEL 7 : Satellite 6.5 Release (Moderate) (RHSA-2019:1222)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1222 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...
Privilege Escalation
Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service IaaS product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the...
Information Disclosure
pulp is vulnerable to information disclosure. An insecure file permission in the /etc/pki/pulp/nodes/ directory allows local users to retrieve confidential information...
Information Disclosure
Pulp in Red Hat CloudForms is susceptible to information disclosure. The vulnerability exists because it leaks administrative passwords by logging into a world log file. This vulnerability can be exploited locally...
RHEL 7 : Satellite 6.4 (RHSA-2018:2927)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2927 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitorin...