Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/pulpcore@3.56.1
purl pkg:pypi/pulpcore@3.56.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-1xj7-2e48-73d2 Pulp incorrectly assigns RBAC permissions in tasks that create objects A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. CVE-2024-7143
GHSA-9m5j-4xx9-44j9

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T21:46:46.953718+00:00 GitLab Importer Fixing VCID-1xj7-2e48-73d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pulpcore/CVE-2024-7143.yml 38.5.0
2026-04-16T23:05:38.516672+00:00 GitLab Importer Fixing VCID-1xj7-2e48-73d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pulpcore/CVE-2024-7143.yml 38.4.0
2026-04-12T00:23:36.579403+00:00 GitLab Importer Fixing VCID-1xj7-2e48-73d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pulpcore/CVE-2024-7143.yml 38.3.0
2026-04-03T00:31:14.716446+00:00 GitLab Importer Fixing VCID-1xj7-2e48-73d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pulpcore/CVE-2024-7143.yml 38.1.0