CVE Vulnerabilities

CVE-2015-5263

Improper Certificate Validation

Published: Sep 25, 2017 | Modified: Oct 05, 2017
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

pulp-consumer-client 2.4.0 through 2.6.3 does not check the servers TLS certificate signatures when retrieving the servers public key upon registration.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Pulp Pulpproject 2.4.1 2.4.1
Pulp Pulpproject 2.4.2 2.4.2
Pulp Pulpproject 2.4.3 2.4.3
Pulp Pulpproject 2.4.4 2.4.4
Pulp Pulpproject 2.4.0 2.4.0

Potential Mitigations

References