CVE-2015-5153 — Vulnetix

CVE-2015-5153 PUBLISHED CVSS 6.5 MEDIUM

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.

EPSS 0.43% · 62.7th percentile

Risk Scores

CVSS v2.0

6.5

EPSS Score

0.43%

62.7th percentile

Affected Products

Vendor	Product	Versions
pulp_project	pulp
n/a	n/a	n/a

Timeline

Aug 18, 2017 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 17, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 17, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=1243526 url
https://nvd.nist.gov/vuln/detail/CVE-2015-5153 advisory

Open in Interactive Console →