High severity8.8NVD Advisory· Published Aug 18, 2017· Updated Jun 17, 2026
CVE-2015-5153
CVE-2015-5153
Description
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- cpe:2.3:a:pulp_project:pulp:-:*:*:*:*:*:*:*
- osv-coords10 versionspkg:apk/chainguard/py3.10-pulppkg:apk/chainguard/py3.10-pulp-binpkg:apk/chainguard/py3.11-pulppkg:apk/chainguard/py3.11-pulp-binpkg:apk/chainguard/py3.12-pulppkg:apk/chainguard/py3.12-pulp-binpkg:apk/chainguard/py3.13-pulppkg:apk/chainguard/py3.13-pulp-binpkg:apk/chainguard/py3-pulppkg:apk/chainguard/py3-supported-pulp
< 0+ 9 more
- (no CPE)range: < 0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
- (no CPE)range: < 3.3.0-r0
Patches
Vulnerability mechanics
References
1- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.