Moderate severityNVD Advisory· Published Oct 25, 2022· Updated May 7, 2025
CVE-2022-3644
CVE-2022-3644
Description
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pulp-ansiblePyPI | < 0.15.0 | 0.15.0 |
Affected products
2- pulp_ansible/pulp_ansibledescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-qv37-mfjf-42h8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-3644ghsaADVISORY
- github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.pyghsaWEB
- github.com/pulp/pulp_ansible/commit/d13c427b09482a7f598d8ee597d17a8a34888665ghsaWEB
- github.com/pulp/pulp_ansible/issues/1221ghsaWEB
News mentions
0No linked articles in our index yet.