CVE-2018-1002150: Koji hub call does not perform correct access checks

July 12, 2018 (updated September 27, 2024)

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.

References

docs.pagure.org/koji/CVE-2018-1002150
github.com/advisories/GHSA-6mww-xvh7-fq4f
github.com/pypa/advisory-database/tree/main/vulns/koji/PYSEC-2018-86.yaml
nvd.nist.gov/vuln/detail/CVE-2018-1002150
pagure.io/koji
pagure.io/koji/c/ab1ade7
pagure.io/koji/issue/850

Code Behaviors & Features

Detect and mitigate CVE-2018-1002150 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →