VDB

CVE-2022-3644

CVE-2022-3644 PUBLISHED CVSS 5.5 MEDIUM

Reported by redhat · Published October 25, 2022

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
n/apulp_ansible0.15
n/apulp_ansible0.15

Exploit Intelligence

Timeline

  • Oct 25, 2022 CVE Published
  • Oct 26, 2022 EPSS Score
  • Dec 9, 2022 EPSS Score
  • Jan 21, 2023 EPSS Score
  • Mar 6, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 18, 2023 EPSS Score
  • Jun 1, 2023 EPSS Score
  • Jul 14, 2023 EPSS Score
  • Aug 27, 2023 EPSS Score
  • Oct 9, 2023 EPSS Score
  • Nov 22, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›