Every CVE whose affected-product data names Pulpproject Pulp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-7143 — CVSS 8.3 (high): A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation…
CVE-2015-5263 — CVSS 8.1 (high): pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key…
CVE-2013-7450 — CVSS 7.5 (high): Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
CVE-2016-3112 — CVSS 7.5 (high): client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable…
CVE-2016-3108 — CVSS 7.1 (high): The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink…
CVE-2018-10917 — CVSS 6.8 (medium): pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to…
CVE-2016-3095 — CVSS 5.5 (medium): server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVE-2018-1090 — CVSS 5.5 (medium): In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with…
CVE-2016-3107 — CVSS 5.5 (medium): The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/"…
CVE-2016-3111 — CVSS 5.5 (medium): pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp…