What the vulnerability does

01Description

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

Key dates

02Disclosure timeline

October 25, 2022 CVE published
May 7, 2025 Record updated