Описание
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pulpproject:pulp_ansible:-:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:update_infrastructure:3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00039
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-256
CWE-522
Связанные уязвимости
CVSS3: 4.1
redhat
больше 3 лет назад
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
EPSS
Процентиль: 12%
0.00039
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-256
CWE-522