Information Exposure Affecting pulp-ansible package, versions [,0.15.0)
Threat Intelligence
EPSS
0.05% (18th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PULPANSIBLE-3060119
- published 23 Oct 2022
- disclosed 4 Oct 2022
- credit Unknown
Introduced: 4 Oct 2022
CVE-2022-3644 Open this link in a new tabHow to fix?
Upgrade pulp-ansible
to version 0.15.0 or higher.
Overview
pulp-ansible is a Pulp plugin to manage Ansible content, e.g. roles
Affected versions of this package are vulnerable to Information Exposure due to storing tokens in plaintext, which are then accessible via read API endpoints.
References
CVSS Scores
version 3.1