Vulnerabilities > Redhat > Update Infrastructure > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
5.5
2019-11-04 CVE-2013-4518 Information Exposure vulnerability in Redhat Update Infrastructure 2.1.3
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
local
low complexity
redhat CWE-200
5.5
5.5