Koji hub call does not perform correct access checks

GHSA-6mww-xvh7-fq4f · CVE-2018-1002150 · PYSEC-2018-86

Published Jul 12, 2018 · Modified Feb 18, 2025

Description

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1002150
WEB https://docs.pagure.org/koji/CVE-2018-1002150
ADVISORY https://github.com/advisories/GHSA-6mww-xvh7-fq4f
WEB https://github.com/pypa/advisory-database/tree/main/vulns/koji/PYSEC-2018-86.yaml
PACKAGE https://pagure.io/koji
WEB https://pagure.io/koji/c/ab1ade7
WEB https://pagure.io/koji/issue/850

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes