194 matches found

Tenable Nessus
added 2018/10/18 12:0 a.m. | 64 views

RHEL 7 : Satellite 6.4 (RHSA-2018:2927)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2927 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitorin...

CVSS 9.8 | AI score 6.8 | EPSS 0.37925
Exploits 9 | References 143

RedHat Linux
added 2018/10/16 5:38 p.m. | 2 views

pulp: sensitive credentials revealed through the API

In pulp, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...

CVSS 7.5 | AI score 5.9 | EPSS 0.01338
Exploits 0 | References 5

RedHat Linux
added 2018/10/16 5:38 p.m. | 244 views

Important: Red Hat Security Advisory: Satellite 6.4 security, bug fix, and enhancement update

An update is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 6.9 | EPSS 0.37925
Exploits 9 | References 115

CNVD
added 2018/08/17 12:0 a.m. | 2 views

Pulp Arbitrary File Overwrite Vulnerability

Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. An arbitrary file overwrite vulnerability exists in Pulp version 2.16.x. The vulnerability stems from the program failing to properly resolve paths a...

CVSS 6.8 | AI score 6.7 | EPSS 0.01067
Exploits 0 | References 1

OSV
added 2018/08/15 5:29 p.m. | 4 views

CVE-2018-10917

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...

CVSS 6.5 | AI score 5.8 | EPSS 0.01067
Exploits 0 | References 2

NVD
added 2018/08/15 5:29 p.m. | 33 views

CVE-2018-10917

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...

CVSS 6.8 | AI score 6.6 | EPSS 0.01067
Exploits 0 | References 2

Cvelist
added 2018/08/15 5:0 p.m. | 24 views

CVE-2018-10917

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...

CVSS 6.8 | AI score 6.6 | EPSS 0.01067
Exploits 0 | References 2

CVE
added 2018/08/15 5:0 p.m. | 70 views

CVE-2018-10917

CVE-2018-10917 concerns Pulp (version 2.16.x and possibly older) with an improper path parsing vulnerability. A malicious user or malicious ISO feed repository could write to locations accessible to the apache user, potentially overwriting published content in other ISO repositories. Public recor...

CVSS 6.8 | AI score 6.4 | EPSS 0.01067
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2018/08/15 12:0 a.m. | 3 views

PT-2018-10181 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: pulp versions 2.16.x and earlier Description: The issue is related to improper path parsing, allowing a malicious user or a malicious iso feed repository to write to locations accessible to the 'apache' user. This could lead to the overwrite ...

CVSS 6.8 | AI score 6.3 | EPSS 0.01067
Exploits 0 | References 7

CNVD
added 2018/06/20 12:0 a.m. | 6 views

Pulp Information Disclosure Vulnerability

Pulp is a free and open source repository platform for managing content. The platform supports pushing content from software packages to consumers. A security vulnerability exists in Pulp, which stems from the program passing sensitive information to the 'overrideconfig' object when a task is...

CVSS 7.5 | AI score 6.3 | EPSS 0.01338
Exploits 0 | References 1

OSV
added 2018/06/18 2:29 p.m. | 3 views

CVE-2018-1090

In Pulp before version 2.16.2, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...

CVSS 7.5 | AI score 5.8 | EPSS 0.01338
Exploits 0 | References 3

Prion
added 2018/06/18 2:29 p.m. | 18 views

Code injection

In Pulp before version 2.16.2, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...

CVSS 5 | AI score 7.7 | EPSS 0.01338
Exploits 0 | References 3 | Affected Software 2

NVD
added 2018/06/18 2:29 p.m. | 34 views

CVE-2018-1090

In Pulp before version 2.16.2, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...

CVSS 7.5 | AI score 5.9 | EPSS 0.01338
Exploits 0 | References 3

CVE
added 2018/06/18 2:0 p.m. | 77 views

CVE-2018-1090

In Pulp (before version 2.16.2), secrets are passed into override_config when triggering a task, making them readable to any user with read access on the distributor/importer. This leads to information disclosure via the API: an attacker with API access can view sensitive credentials. The issue i...

CVSS 7.5 | AI score 7.3 | EPSS 0.01338
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2018/06/18 2:0 p.m. | 37 views

CVE-2018-1090

In Pulp before version 2.16.2, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...

CVSS 5.5 | AI score 7.8 | EPSS 0.01338
Exploits 0 | References 3

RedhatCVE
added 2018/03/23 8:49 p.m. | 25 views

CVE-2018-1090

In pulp, secrets are passed into overrideconfig when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets...

CVSS 7.5 | AI score 7.6 | EPSS 0.01338
Exploits 0 | References 2

Tenable Nessus
added 2018/02/06 12:0 a.m. | 109 views

RHEL 6 / 7 : Red Hat Satellite 6 (RHSA-2018:0273)

An update is now available for Red Hat Satellite 6.2 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVSS 5.3 | AI score 5.8 | EPSS 0.02406
Exploits 0 | References 3

RedHat Linux
added 2018/02/05 1:55 p.m. | 37 views

Important: Red Hat Security Advisory: Red Hat Satellite 6 security, bug fix, and enhancement update

An update is now available for Red Hat Satellite 6.2 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVSS 5.3 | AI score 6 | EPSS 0.02406
Exploits 0 | References 19

Prion
added 2017/10/18 4:29 p.m. | 12 views

Code injection

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...

CVSS 9 | AI score 7.8 | EPSS 0.03956
Exploits 0 | References 2

NVD
added 2017/10/18 4:29 p.m. | 19 views

CVE-2015-5164

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...

CVSS 9 | AI score 7.1 | EPSS 0.03956
Exploits 0 | References 2