Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-08-18T18:00:00

Updated: 2024-08-06T06:32:32.879Z

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5153

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-18T18:29:01.110

Modified: 2024-11-21T02:32:27.537

Link: CVE-2015-5153

cve-icon Redhat

Severity : Low

Publid Date: 2015-07-15T00:00:00Z

Links: CVE-2015-5153 - Bugzilla