CVE-2022-3644

Published October 25th, 2022

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

pulp/pulp_ansible

A Pulp plugin that manages Ansible content, i.e. roles, collections

GitHub