Important: Red Hat Security Advisory: Satellite 6.17.6.3 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...

RHEL 9 : Satellite 6.17.6.3 Async Update (Important) (RHSA-2026:2764)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2764 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

ROS-20251203-02

A vulnerability in the Pulpcore component of the Pulp software package management platform Pulp is related to with a bug in the puppet-pulpcore configuration when using Gunicorn versions prior to 22.0. Exploitation of this vulnerability could allow an attacker acting remotely to bypass the...

EUVD-2024-48867

Malicious code in bioql PyPI...

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:6765)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6765 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7923

CVE-2024-7923: Authentication bypass in Pulpcore when deployed with Gunicorn

CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

PT-2024-38689

Name of the Vulnerable Software and Affected Versions Pulpcore versions 3.0 and later Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified due to Apache's mod proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

Pulpcore 授权问题漏洞

Pulpcore is a library in the Pulp open source. An authorization issue vulnerability exists in Pulpcore that stems from modproxy not properly unsetting the header...

galaxy-ng (>=4.2.0a3 <=4.9.2), pulp-2to3-migration (>=0.0.1b1 <=0.17.0) +16 more potentially affected by CVE-2024-7143 via pulpcore (>=3.0.1 <=3.54.1)

pulpcore PYPI version =3.0.1, =4.2.0a3, =0.0.1b1, =0.2.0b6, =0.1.0rc4, =1.0.0, =0.1.0b4, =2.0.0b3, =0.1.0, =0.1.0, =0.1.0, =0.1.0a1.dev0, =2.0.0, =3.0.0, =3.0.0, =3.36.0 and more Source cves: CVE-2024-7143 Source advisory: OSV:GHSA-9M5J-4XX9-44J9...

CVE-2024-7143 Pulpcore: rbac permissions incorrectly assigned in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...