CVE-2024-7143

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Aug 7, 2024

Updated: Sep 18, 2024

CWE ID 277

Summary

CVE-2024-7143: A vulnerability was discovered in the Pulp package's role-based access control (RBAC) feature. The issue lies in the `AutoAddObjPermsMixin`, specifically the `add_roles_for_object_creator` method, which sets the current user as the object creator. For tasks, the first user with any permissions on the task object determines the current user, potentially leading to unintended assignment of object permissions to users who did not create the objects. This can result in unauthorized access or misconfiguration, impacting the security and integrity of the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xS3m99
https://www.cve.org/CVERecord?id=CVE-2024-7143
https://nvd.nist.gov/vuln/detail/CVE-2024-7143

Back to Vulnerability Database

CVE-2024-7143

CVSS 3.1 Score 8.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations