Vulnerability Details CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.1%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2022-3644
-
cpe:2.3:a:pulpproject:pulp_ansible:-
-
cpe:2.3:a:redhat:ansible_automation_platform:2.0
-
cpe:2.3:a:redhat:satellite:6.0
-
cpe:2.3:a:redhat:update_infrastructure:3.0