CVE-2022-3644 Information

Description

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp’s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Reference

https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234