Author: Cyberthreat Blog

The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the “/etc/pki/pulp/nodes/” directory, which allows local users to gain access to sensitive data.

The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.

SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.