CVE-2018-1090
NONE EPSS 67.7%
Published Jun 18, 20188y ago · Modified Jun 17, 20262w ago
Published Jun 18, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
Threat Intelligence
EPSS Exploit Probability
67.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| pulpproject | pulp | * | <2.16.2 |
| fedoraproject | fedora | * | any |
| redhat | satellite | 6.4 | any |
References 3
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:2927
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1090
- pulp.plan.io https://pulp.plan.io/issues/3521
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.