CVE-2018-10917

Name of the Vulnerable Software and Affected Versions pulp versions 2.16.x and earlier

Description The issue is related to improper path parsing, allowing a malicious user or a malicious iso feed repository to write to locations accessible to the 'apache' user. This could lead to the overwrite of published content on other iso repositories.

Recommendations For pulp versions 2.16.x and earlier, consider restricting access to the apache user to minimize the risk of exploitation. As a temporary workaround, limit the ability of malicious users or iso feed repositories to write to sensitive locations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.