{
  "threat_severity" : "Moderate",
  "public_date" : "2022-10-04T12:25:00Z",
  "bugzilla" : {
    "description" : "Pulp: Tokens stored in plaintext",
    "id" : "2131990",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2131990"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-256",
  "details" : [ "The collection remote for pulp_ansible stores tokens in plaintext instead of using Pulp's encrypted field, and exposes them in read/write mode via the API instead of marking them as write-only.", "A flaw exists in the collection remote for pulp_ansible, where tokens are stored in plaintext instead of using Pulp's encrypted field. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in a loss of confidentiality." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.14 for RHEL 8",
    "release_date" : "2023-11-08T00:00:00Z",
    "advisory" : "RHSA-2023:6818",
    "cpe" : "cpe:/a:redhat:satellite:6.14::el8",
    "package" : "python-pulp-ansible-1:0.16.0-1.el8pc"
  }, {
    "product_name" : "Red Hat Satellite 6.14 for RHEL 8",
    "release_date" : "2023-11-08T00:00:00Z",
    "advisory" : "RHSA-2023:6818",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.14::el8",
    "package" : "python-pulp-ansible-1:0.16.0-1.el8pc"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "python-pulp-ansible",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Update Infrastructure 3 for Cloud Providers",
    "fix_state" : "Affected",
    "package_name" : "pulp",
    "cpe" : "cpe:/a:redhat:rhui:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-3644\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3644" ],
  "name" : "CVE-2022-3644",
  "csaw" : false
}