CVE-2013-7450
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/pulp/pulp/pull/627
Vendor advisory: cve@mitre.org — https://bugzilla.redhat.com/show_bug.cgi?id=1328345
Vendor advisory: cve@mitre.org — https://bugzilla.redhat.com/show_bug.cgi?id=1003326
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2016/04/18/5
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| pulpproject | pulp | up to and including 2.2.1-1 | |
References
- http://www.openwall.com/lists/oss-security/2016/04/18/11
- http://www.openwall.com/lists/oss-security/2016/04/18/5
- http://www.openwall.com/lists/oss-security/2016/05/20/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1003326
- https://bugzilla.redhat.com/show_bug.cgi?id=1328345
- https://github.com/pulp/pulp/pull/627
CWEs
CWE-295