Path traversal in Pulp

Published: 2018-08-15 | Updated: 2020-08-08

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2018-10917
CWE-ID	CWE-22
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Pulp Web applications / Other software
Vendor	Pulp

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Path traversal

EUVDB-ID: #VU36778

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-10917

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to manipulate data.

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Pulp: 2.16.1 - 2.16.4

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2019:1222
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.