{"id":"PYSEC-2026-900","summary":"Plaintext storage of tokens in pulp_ansible","details":"The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. ","aliases":["CVE-2022-3644","GHSA-qv37-mfjf-42h8"],"modified":"2026-07-07T11:45:17.439109720Z","published":"2026-07-07T10:17:22.799524Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3644"},{"type":"WEB","url":"https://github.com/pulp/pulp_ansible/issues/1221"},{"type":"WEB","url":"https://github.com/pulp/pulp_ansible/commit/d13c427b09482a7f598d8ee597d17a8a34888665"},{"type":"PACKAGE","url":"https://github.com/pulp/pulp_ansible"},{"type":"WEB","url":"https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"},{"type":"PACKAGE","url":"https://pypi.org/project/pulp-ansible"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-qv37-mfjf-42h8"}],"affected":[{"package":{"name":"pulp-ansible","ecosystem":"PyPI","purl":"pkg:pypi/pulp-ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.0"}]}],"versions":["0.0.1b1","0.1.0b2","0.1.0rc1","0.1.0rc2","0.1.0rc3","0.1.0rc4","0.1.0rc5","0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.11.0","0.11.1","0.12.0","0.12.1","0.13.0","0.13.1","0.13.2","0.13.4","0.13.5","0.13.6","0.14.0","0.14.1","0.14.2","0.2.0","0.2.0b1","0.2.0b10","0.2.0b11","0.2.0b12","0.2.0b13","0.2.0b14","0.2.0b15","0.2.0b2","0.2.0b3","0.2.0b4","0.2.0b5","0.2.0b6","0.2.0b7","0.2.0b8","0.2.0b9","0.3.0","0.4.0","0.4.1","0.4.2","0.4.3","0.5.0","0.5.1","0.5.10","0.5.11","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.1","0.6.2","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.8.0","0.8.1","0.9.0","0.9.1","0.9.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pulp-ansible/PYSEC-2026-900.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}