CVE-2018-10917 - Path Traversal in Pulp

CWE-22 - Path Traversal | 6 documents | 5 sources
Severity: 6.5 MEDIUM (NVD), 6.8 (CNA)
EPSS: 0.3% (top 49.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 15
Latest update: May 13

Description

Pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious ISO feed repository can write to locations accessible to the 'apache' user. This may lead to overwriting of published content on other ISO repositories.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

NVD - pulpproject/pulp 2.16.0 +3

Vulnerability Details (2)

GHSA - Withdrawn Advisory: Pulp Improper Path Parsing (2022-05-13)
CVEList - CVE-2018-10917: pulp 2 (2018-08-15)

Vendor Advisories (1)

Red Hat - pulp: Improper path parsing leads to overwriting of iso repositories (2018-08-14)

Community (2)

Bugzilla - CVE-2018-10917 pulp: Improper path parsing leads to overwrite of iso repositories [fedora-all] (2018-08-14)
Bugzilla - CVE-2018-10917 pulp: Improper path parsing leads to overwriting of iso repositories (2018-07-06)