GHSA-qv37-mfjf-42h8

Опубликовано: 25 окт. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Plaintext storage of tokens in pulp_ansible

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Ссылки

Пакеты

Наименование

pulp-ansible

pip

Затронутые версииВерсия исправления

< 0.15.0

0.15.0

EPSS

Процентиль: 12%

0.00039

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2022-3644

Дефекты

CWE-256

CWE-522

Связанные уязвимости

CVE-2022-3644

CVSS3: 4.1

redhat

больше 3 лет назад

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

CVE-2022-3644

CVSS3: 5.5

nvd

больше 3 лет назад

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

EPSS

Процентиль: 12%

0.00039

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2022-3644

Дефекты

CWE-256

CWE-522