Redhat Update Infrastructure vulnerabilities

CVE-2023-50782 [HIGH] CWE-203 CVE-2023-50782: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decry A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE-2023-50781 [HIGH] CWE-203 CVE-2023-50781: A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE-2022-3644 [MEDIUM] CWE-256 CVE-2022-3644: The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

CVE-2013-4518 [MEDIUM] CWE-200 CVE-2013-4518: RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates