A vulnerability was found in Pulp up to 2.2.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Certificate. The manipulation leads to improper certificate validation (Default). The CWE definition for the vulnerability is CWE-295. The bug was discovered 04/18/2016. The weakness was shared 04/03/2017 (oss-sec). It is possible to read the advisory at openwall.com. This vulnerability is known as CVE-2013-7450. The attack can be launched remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1587.003 according to MITRE ATT&CK. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 350 days. We expect the 0-day to have been worth approximately $0-$5k. Upgrading to version 2.3.0 is able to address this issue. The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
Do you know our Splunk app?
Download it now for free!