CVE-2022-3644

Summary

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Affected Software

VendorProductVersion RangeStatus
n/apulp_ansible0.15affected

Weaknesses

  • CWE-256: CWE-256

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References