
195 matches found

Veracode
added 2022/10/26 1:14 a.m., 19 views

Information Disclosure

pulp-ansible is vulnerable to Information Disclosure. The vulnerability exists because the requirementsfile parameter in models.py stores tokens in plain text instead of using pulp's encrypted field, allowing an attacker to modify tokens via the API...

CVSS 5.5, AI score 5.4, EPSS 0.00276
Exploits 1, References 3, Affected Software 1
vulnersOsv
added 2022/10/25 7:0 p.m., 5 views

galaxy-ng (>=4.4.0 <=4.5.5) potentially affected by CVE-2022-3644 via pulp-ansible (>=0.10.5 <=0.13.6)

pulp-ansible PYPI version =0.10.5, =4.4.0, =4.5.5 Source cves: CVE-2022-3644 Source advisory: OSV:GHSA-QV37-MFJF-42H8...

CVSS 5.5, AI score 6, EPSS 0.00276
Exploits 1
Cvelist
added 2022/10/25 12:0 a.m., 35 views

CVE-2022-3644

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...

AI score 6.2, EPSS 0.00276
Exploits 1, References 1
CNNVD
added 2022/10/25 12:0 a.m., 4 views

pulp_ansible Security Vulnerability

pulp_ansible is a Pulp open source plugin that supports hosting Role and Collection Ansible content. A security vulnerability exists in pulp_ansible that stems from storing tokens in plaintext instead of using Pulp's encrypted fields...

CVSS 5.5, AI score 5.4, EPSS 0.00276
Exploits 1, References 2
CVE
added 2022/10/25 12:0 a.m., 227 views

CVE-2022-3644

CVE-2022-3644 affects the collection remote for pulp_ansible, where tokens are stored in plaintext instead of pulp’s encrypted field and are exposed in read/write mode via the API rather than being write-only. This leads to potential disclosure of sensitive tokens (confidentiality impact per the ...

CVSS 5.5, AI score 5.8, EPSS 0.00276
Exploits 1, References 1, Affected Software 1
RedHat Linux
added 2022/07/05 2:41 p.m., 576 views

Moderate: Red Hat Security Advisory: Satellite 6.11 Release

An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...

CVSS 9.8, AI score 7.6, EPSS 0.49246
Exploits 14, References 476
Rockylinux
added 2022/07/05 1:55 p.m., 67 views

Satellite 6.11 Release

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...

CVSS 9.8, AI score 8.7, EPSS 0.49246
Exploits 14
Github Security Blog
added 2022/05/13 1:48 a.m., 26 views

Withdrawn Advisory: Pulp Improper Path Parsing

Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...

CVSS 6.8, AI score 6.9, EPSS 0.01067
Exploits 0, References 7, Affected Software 1
OSV
added 2022/05/13 1:48 a.m., 27 views

GHSA-574P-6FW4-4HW8 Withdrawn Advisory: Pulp Improper Path Parsing

Withdrawn Advisory This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem. Original Description pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a...

CVSS 6.5, AI score 6.6, EPSS 0.01067
Exploits 0, References 6
Tenable Nessus
added 2021/11/17 12:0 a.m., 41 views

RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...

CVSS 10, AI score 7, EPSS 0.05984
Exploits 7, References 533
RedHat Linux
added 2021/11/16 3:43 p.m., 114 views

Moderate: Red Hat Security Advisory: Satellite 6.10 Release

An update is now available for Red Hat Satellite 6.10 for RHEL 7. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: python-ecdsa...

CVSS 10, AI score 6.9, EPSS 0.05984
Exploits 7, References 510
RedHat Linux
added 2019/05/28 1:50 p.m., 3 views

pulp: Improper path parsing leads to overwriting of iso repositories

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

CVSS 6.8, AI score 5.8, EPSS 0.01067
Exploits 0, References 4
RedHat Linux
added 2019/05/28 1:50 p.m., 6 views

Moderate: Red Hat Enhancement Advisory: RHUI 3.1 bug fix and enhancement update

Updated RHUI 3 packages that fix several bugs and various enhancements are now available. Red Hat Update Infrastructure RHUI is a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red...

CVSS 6.8, AI score 6.6, EPSS 0.01067
Exploits 0, References 9
Veracode
added 2019/05/27 12:56 a.m., 21 views

Information Disclosure

Pulp is vulnerable to information disclosure. An attacker with API access can view sensitive credentials when triggering a task via distributor/importer...

CVSS 7.5, AI score 8, EPSS 0.01338
Exploits 0, References 91, Affected Software 221
Veracode
added 2019/05/20 12:55 a.m., 27 views

Directory Traversal

pulp is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations or overwrite published content on other iso feed repository caused by improper parsing of file paths...

CVSS 6.8, AI score 6.6, EPSS 0.01067
Exploits 0, References 469, Affected Software 242
Veracode
added 2019/05/16 2:19 a.m., 26 views

Authentication Bypass

Red Hat Satellite is vulnerable to authentication bypass attacks. This is because Pulp's pulp-qpid-ssl-cfg script uses bash's $RANDOM in unsafe ways to generate an NSS DB password. An attacker could potentially guess the seed used given enough time and compute resources...

CVSS 7.5, AI score 8, EPSS 0.03213
Exploits 0, References 110, Affected Software 53
RedHat Linux
added 2019/05/14 1:35 p.m., 5 views

pulp: Improper path parsing leads to overwriting of iso repositories

A path traversal flaw was found in the ISO repository plugin for pulp. An attacker, with access to a repository feeding pulp can carefully craft his repository to overwrite arbitrary files owned by the Apache webserver...

CVSS 6.8, AI score 5.8, EPSS 0.01067
Exploits 0, References 4
Tenable Nessus
added 2019/05/14 12:0 a.m., 58 views

RHEL 7 : Satellite 6.5 Release (Moderate) (RHSA-2019:1222)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1222 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...

CVSS 7.8, AI score 6.6, EPSS 0.04913
Exploits 2, References 478
Veracode
added 2019/05/02 4:41 a.m., 28 views

Privilege Escalation

Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service IaaS product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the...

CVSS 5.5, AI score 5.6, EPSS 0.01042
Exploits 0, References 235, Affected Software 12
Veracode
added 2019/01/15 9:9 a.m., 14 views

Information Disclosure

pulp is vulnerable to information disclosure. An insecure file permission in the /etc/pki/pulp/nodes/ directory allows local users to retrieve confidential information...

CVSS 5.5, AI score 5, EPSS 0.02839
Exploits 0, References 241, Affected Software 36