It is reported by Austin Macdonald that pulp fails to properly remove existing
permissions when an object is deleted (e.g. a user account), if an object with
the same name is later created it will inherit the previous permissions leading
to a potential privilege escalation. Please note that due to the manner in
which pulp is used in Satellite6 it is not vulnerable.