Is CVE-2024-7143 actively exploited?

CVE-2024-7143 has no public evidence of in-the-wild exploitation as of 2026-03-20.

What is the CVSS score for CVE-2024-7143?

CVE-2024-7143 has a CVSS score of 8.3 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L.

How do I patch CVE-2024-7143?

Patch guidance is available from pulpproject security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-7143.

Which products are affected by CVE-2024-7143?

2 products: pulpproject pulp, pulpproject pulp.

Fix CVE-2024-7143 - HIGH pulpproject pulp

Description

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low
Weaknesses: CWE-277

Metadata

Primary Vendor: PULPPROJECT
Published: 8/7/2024
Last Modified: 3/20/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

pulpproject : pulppulpproject : pulp

Remediation Guidance

Executive Summary

Cite this page

CVE-2024-7143. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2024-7143

View on NIST NVD

CVE-2024-7143 vulnerability