CVE-2023-4380

Published: Oct 4, 2023Modified: Nov 21, 2024

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: NVD

Description

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Affected (3)

Products: Redhat: Ansible Automation Platform, Ansible Developer, Ansible Inside

3 products

Ansible Automation Platform

Ansible Developer

Configuration A

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Ansible Automation Platform	Version 2.4
Redhat Ansible Developer	Version 1.1
Redhat Ansible Inside	Version 1.2

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

https://access.redhat.com/errata/RHSA-2023:4693

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-4380

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2232324

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/errata/RHSA-2023:4693

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-4380

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2232324

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.