Update Infrastructure Security Vulnerabilities - July
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
5.5CVSS
5.6AI Score
0.0005EPSS
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
5.5CVSS
5.8AI Score
0.0005EPSS
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
7.5CVSS
7.2AI Score
0.002EPSS
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
7.5CVSS
7.2AI Score
0.001EPSS