pulpcore: RBAC permissions incorrectly assigned in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

Incorrect Permission Assignment

Pulp is vulnerable to Incorrect Permission Assignment. The vulnerability is due to the use of the AutoAddObjPermsMixin method, which sets permissions based on the oldest user with task permissions. This allows an attacker to gain unauthorized access or privileges, as the permissions for objects...

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

PT-2024-38106

Name of the Vulnerable Software and Affected Versions Pulp affected versions not specified Description A flaw was found in the Pulp package related to role-based access control RBAC objects. When an RBAC object is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin,...