CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Pulpproject: >> Pulp Security Vulnerabilities

CVE-2016-3112

client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user.

CVSS Score

7.5

EPSS Score

0.004

Published

2017-06-08

CVE-2016-3106

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.

CVSS Score

5.3

EPSS Score

0.002

Published

2017-04-13

CVE-2013-7450

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.

CVSS Score

7.5

EPSS Score

0.002

Published

2017-04-03

Page 2

Vulnerabilities

Vulnerable Software

Pulpproject: >> Pulp Security Vulnerabilities

Products

Pricing

Contact Us