CVE-2018-10917 MEDIUM

CVE-2018-10917

Vendor [Unknown]
Product pulp
Weakness CWE-22 · Path traversal
Published August 15, 2018
Last update August 5, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.

Key dates

02Disclosure timeline

August 15, 2018 CVE published
August 5, 2024 Record updated