Posted on Leave a comment

CVE-2015-5153

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.

Leave a Reply

Your email address will not be published. Required fields are marked *