GHSA-qv37-mfjf-42h8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qv37-mfjf-42h8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-qv37-mfjf-42h8/GHSA-qv37-mfjf-42h8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qv37-mfjf-42h8
- Aliases
-
- CVE-2022-3644
- Published
- 2022-10-25T19:00:22Z
- Modified
- 2023-11-08T04:10:02.883600Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Plaintext storage of tokens in pulp_ansible
- Details
-
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
- Database specific
{ "nvd_published_at": "2022-10-25T18:15:00Z", "github_reviewed_at": "2022-10-25T22:28:13Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-256", "CWE-522" ] }- References
Affected packages
PyPI / pulp-ansible
Package
- Name
- pulp-ansible
- View open source insights on deps.dev
- Purl
- pkg:pypi/pulp-ansible
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.15.0
Affected versions
0.*
0.0.1b1
0.1.0b2
0.1.0rc1
0.1.0rc2
0.1.0rc3
0.1.0rc4
0.1.0rc5
0.2.0b1
0.2.0b2
0.2.0b3
0.2.0b4
0.2.0b5
0.2.0b6
0.2.0b7
0.2.0b8
0.2.0b9
0.2.0b10
0.2.0b11
0.2.0b12
0.2.0b13
0.2.0b14
0.2.0b15
0.2.0
0.3.0
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.8.0
0.8.1
0.9.0
0.9.1
0.9.2
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.4
0.13.5
0.13.6
0.14.0
0.14.1
0.14.2