Back to bug 1247732
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2015-07-28 17:12:04 UTC | Depends On | 1246263 | |
| Kurt Seifried | 2015-07-28 17:33:35 UTC | Blocks | 1247734 | |
| Kurt Seifried | 2015-08-19 21:23:22 UTC | Doc Text | A flaw was found in the handling of Python pickle() encoded messages on the Qpid server on Satellite 6. The Qpid server did not properly restrict message types that can be sent from managed content hosts. An attacker with administrative access to a managed content host could send arbitrary messages containing pickle() encoded data which would then be processed on the Satellite 6 server causing possible code execution. | |
| Summer Long | 2015-08-25 05:14:15 UTC | CC | slong | |
| Doc Text | A flaw was found in the handling of Python pickle() encoded messages on the Qpid server on Satellite 6. The Qpid server did not properly restrict message types that can be sent from managed content hosts. An attacker with administrative access to a managed content host could send arbitrary messages containing pickle() encoded data which would then be processed on the Satellite 6 server causing possible code execution. | A flaw was found in the handling of Python pickle()-encoded messages in the Qpid server on Satellite 6. The Qpid server did not properly restrict message types that can be sent from managed content hosts. An attacker with administrative access to a managed content host could send arbitrary messages containing pickle()-encoded data, which would then be processed on the Satellite 6 server and result in possible code execution. | ||
| Kurt Seifried | 2015-09-10 22:18:28 UTC | Whiteboard | impact=moderate,public=20150728,reported=20150723,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,rhn_satellite_6/Security=affected | impact=moderate,public=20150728,reported=20150723,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=502,rhn_satellite_6/Security=affected |
| Kurt Seifried | 2015-09-10 23:22:25 UTC | Whiteboard | impact=moderate,public=20150728,reported=20150723,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=502,rhn_satellite_6/Security=affected | impact=moderate,public=20150728,reported=20150723,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-502,rhn_satellite_6/Security=affected |
| Brian Bouterse | 2015-09-11 16:15:13 UTC | CC | bbouters | |
| Link ID | Pulp Redmine 23 | |||
| pulp-infra | 2015-09-11 16:30:56 UTC | CC | mhrivnak | |
| Stuart Auchterlonie | 2015-09-28 13:27:07 UTC | CC | sauchter | |
| Kurt Seifried | 2015-11-06 16:56:32 UTC | Blocks | 1247734 | |
| pulp-infra | 2016-11-21 21:04:22 UTC | Status | NEW | POST |
| pulp-infra | 2017-06-05 18:43:12 UTC | CC | pcreech | |
| pulp-infra | 2017-06-05 18:43:16 UTC | CC | ttereshc | |
| Brian Bouterse | 2017-07-26 20:00:32 UTC | CC | bbouters | |
| pulp-infra | 2018-05-25 15:39:44 UTC | CC | rchan | |
| pulp-infra | 2018-05-25 15:39:47 UTC | CC | dkliban | |
| pulp-infra | 2018-09-19 15:24:07 UTC | CC | daviddavis | |
| PnT Account Manager | 2019-04-22 21:30:32 UTC | CC | tjay | |
| Product Security DevOps Team | 2019-09-29 13:35:15 UTC | Whiteboard | impact=moderate,public=20150728,reported=20150723,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N,cwe=CWE-502,rhn_satellite_6/Security=affected | |
| pulp-infra | 2020-10-05 14:54:22 UTC | CC | bmbouter | |
| pulp-infra | 2020-10-05 14:54:24 UTC | CC | ipanova | |
| pulp-infra | 2021-04-06 18:04:44 UTC | CC | ggainey | |
| Gary Scarborough | 2021-11-04 20:01:04 UTC | CC | gscarbor | |
| Red Hat Bugzilla | 2021-11-14 22:29:20 UTC | CC | daviddavis | |
| Red Hat Bugzilla | 2021-11-14 22:30:12 UTC | CC | sauchter | |
| Red Hat Bugzilla | 2022-07-18 09:51:13 UTC | CC | mmccune | |
| Red Hat Bugzilla | 2023-05-31 23:37:28 UTC | CC | cperry | |
| Red Hat Bugzilla | 2023-07-07 08:30:22 UTC | Assignee | security-response-team | nobody |
Back to bug 1247732