PYSEC-2026-900

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pulp-ansible/PYSEC-2026-900.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-900
Aliases
Published
2026-07-07T10:17:22.799524Z
Modified
2026-07-07T11:45:17.439109720Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Plaintext storage of tokens in pulp_ansible
Details

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

References

Affected packages

PyPI / pulp-ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.15.0

Affected versions

0.*
0.0.1b1
0.1.0b2
0.1.0rc1
0.1.0rc2
0.1.0rc3
0.1.0rc4
0.1.0rc5
0.2.0b1
0.2.0b2
0.2.0b3
0.2.0b4
0.2.0b5
0.2.0b6
0.2.0b7
0.2.0b8
0.2.0b9
0.2.0b10
0.2.0b11
0.2.0b12
0.2.0b13
0.2.0b14
0.2.0b15
0.2.0
0.3.0
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.8.0
0.8.1
0.9.0
0.9.1
0.9.2
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.11.0
0.11.1
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.13.4
0.13.5
0.13.6
0.14.0
0.14.1
0.14.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pulp-ansible/PYSEC-2026-900.yaml"