PT-2022-23370 · Unknown+1 · Pulp Ansible+1

Published 2022-10-25 · Updated 2022-10-28 · CVE-2022-3644

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: pulp ansible (affected versions not specified)

Description: The collection remote for pulp ansible stores tokens in plaintext instead of using pulp's encrypted field. The API exposes these tokens in read/write mode rather than the expected write-only mode.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2022-3644
GHSA-QV37-MFJF-42H8
RHSA-2023:6818

Affected Products

Rocky Linux
Pulp Ansible