How severe is CVE-2024-7143?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-7143?

This is classified as CWE-277, which is a common weakness in software security.

CVE-2024-7143

MEDIUM Year: 2024

CVSS v3 Score

6.7

Medium

Weakness Type

CWE-277

View all →

Vulnerability Description

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.

CVE-2023-45736

MEDIUM

CVSS:6.7(Medium)

Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2772023

CVE-2024-51448

MEDIUM

CVSS:6.7(Medium)

IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the p...

CWE-2772024

CVE-2025-20629

MEDIUM

CVSS:6.7(Medium)

Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of ...

CWE-2772025

CVE-2025-29982

MEDIUM

CVSS:6.8(Medium)

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...

CWE-2772025

CVE-2025-31332

MEDIUM

CVSS:6.6(Medium)

Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause ser...

CWE-2772025

CVE-2023-33990

HIGH

CVSS:7.1(High)

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local syst...

CWE-2772023

CVE-2024-7143

Vulnerability Description

Related Vulnerabilities

CVE-2023-45736

CVE-2024-51448

CVE-2025-20629

CVE-2025-29982

CVE-2025-31332

CVE-2023-33990