apk package
chainguard/py3-pulp
pkg:apk/chainguard/py3-pulp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-7143 | — | < 3.3.0-r0 | 3.3.0-r0 | Aug 7, 2024 | A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the | ||
| CVE-2015-5153 | Hig | 8.8 | < 3.3.0-r0 | 3.3.0-r0 | Aug 18, 2017 | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. |
- CVE-2024-7143Aug 7, 2024affected < 3.3.0-r0fixed 3.3.0-r0
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the
- affected < 3.3.0-r0fixed 3.3.0-r0
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.