7 matches found
galaxy-ng (>=4.2.0 <=4.4.5), pulp-ansible (>=0.2.0 <=0.6.2) potentially affected by CVE-2023-5189 via galaxy-importer (>=0.1.1 <=0.4.0)
galaxy-importer PYPI version =0.1.1, =4.2.0, =0.2.0, =0.6.2 Source cves: CVE-2023-5189 Source advisory: OSV:GHSA-55G2-VM3Q-7W52...
Pulp: Tokens stored in plaintext
A flaw exists in the collection remote for pulp_ansible, where tokens are stored in plaintext instead of using pulp's encrypted field. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in the loss of confidentiality...
Information Disclosure
pulp-ansible is vulnerable to Information Disclosure. The vulnerability exists because the requirements_file parameter in models.py stores tokens in plain text instead of using pulp's encrypted field, allowing an attacker to modify tokens via the API...
galaxy-ng (>=4.4.0 <=4.5.5) potentially affected by CVE-2022-3644 via pulp-ansible (>=0.10.5 <=0.13.6)
pulp-ansible PYPI version =0.10.5, =4.4.0, =4.5.5 Source cves: CVE-2022-3644 Source advisory: OSV:GHSA-QV37-MFJF-42H8...
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...
CVE-2022-3644
CVE-2022-3644 affects the collection remote for pulp_ansible, where tokens are stored in plaintext instead of pulp’s encrypted field and are exposed in read/write mode via the API rather than being write-only. This leads to potential disclosure of sensitive tokens (confidentiality impact per the ...
pulp_ansible security vulnerability
pulp_ansible is a Pulp open source plugin that supports hosting Role and Collection Ansible content. A security vulnerability exists in pulp_ansible that stems from storing tokens in plaintext instead of using Pulp's encrypted fields...