Main Vulnerability Database Vulnerabilities #VU36778

Path traversal in Pulp - CVE-2018-10917

Published: August 15, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36778

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-10917

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Pulp

Software vendor:
Pulp

Description

The vulnerability allows a remote authenticated user to manipulate data.

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2019:1222
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917

Path traversal in Pulp - CVE-2018-10917

Description

Remediation

External links

Please verify you're human