Published: 04/10/2023 Updated: 07/11/2023

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 0

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an malicious user to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat ansible automation controller 4.4
redhat ansible automation controller
redhat ansible_automation_platform 2.3
redhat ansible_automation_platform 2.4
redhat ansible_developer 1.0
redhat ansible_inside 1.1

Synopsis Moderate: Red Hat Ansible Automation Platform 23 Product Security and Bug Fix Update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 23Red Hat P ...

Synopsis Moderate: Red Hat Ansible Automation Platform 24 Product Security and Bug Fix Update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 24Red Hat P ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-79 https://access.redhat.com/errata/RHSA-2023:4340 https://access.redhat.com/security/cve/CVE-2023-3971 https://access.redhat.com/errata/RHSA-2023:4590 https://bugzilla.redhat.com/show_bug.cgi?id=2226965 https://access.redhat.com/errata/RHSA-2023:4590 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-3971

CVE-2023-3971

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect