Published: 04/10/2023 Updated: 01/01/2024

CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8

VMScore: 0

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an malicious user to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat ansible_automation_platform 2.4
redhat ansible_developer 1.1
redhat ansible_inside 1.2

Synopsis Moderate: Red Hat Ansible Automation Platform 24 Product Security and Bug Fix Update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 24Red Hat P ...

Debian Bug report logs - #1051897 ansible: CVE-2023-4380 Package: src:ansible; Maintainer for src:ansible is Lee Garrett <debian@rocketjumpeu>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 13 Sep 2023 21:21:02 UTC Severity: important Tags: security, upstream Reply or subscribe to this bug Toggl ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-532 https://access.redhat.com/errata/RHSA-2023:4693 https://bugzilla.redhat.com/show_bug.cgi?id=2232324 https://access.redhat.com/security/cve/CVE-2023-4380 https://access.redhat.com/errata/RHSA-2023:4693 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-4380

CVE-2023-4380

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect