Metrics
Affected Vendors & Products
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Metrics |
ssvc
|
Wed, 18 Sep 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat ansible Automation Platform Developer
Redhat ansible Automation Platform Inside |
|
CPEs | cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 |
|
Vendors & Products |
Redhat ansible Automation Platform Developer
Redhat ansible Automation Platform Inside |
|
References |
|
Tue, 17 Sep 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Pulpproject
Pulpproject pulp |
|
CPEs | cpe:2.3:a:pulpproject:pulp:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Pulpproject
Pulpproject pulp |
|
Metrics |
cvssV3_1
|
Tue, 10 Sep 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
ssvc
|
Wed, 07 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 07 Aug 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Wed, 07 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. | |
Title | Pulpcore: rbac permissions incorrectly assigned in tasks that create objects | |
First Time appeared |
Redhat
Redhat ansible Automation Platform Redhat rhui Redhat satellite |
|
Weaknesses | CWE-277 | |
CPEs | cpe:/a:redhat:ansible_automation_platform:2 cpe:/a:redhat:rhui:4::el8 cpe:/a:redhat:satellite:6 |
|
Vendors & Products |
Redhat
Redhat ansible Automation Platform Redhat rhui Redhat satellite |
|
References |
| |
Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: redhat
Published: 2024-08-07T16:49:29.842Z
Updated: 2024-11-24T19:15:39.083Z
Reserved: 2024-07-26T18:48:08.747Z
Link: CVE-2024-7143
Updated: 2024-09-10T22:53:16.986Z
Status : Modified
Published: 2024-08-07T17:15:52.337
Modified: 2024-11-21T09:50:56.110
Link: CVE-2024-7143