Vulnerability Details CVE-2023-4380
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 6.3
References
- https://access.redhat.com/errata/RHSA-2023:4693
- https://access.redhat.com/security/cve/CVE-2023-4380
- https://bugzilla.redhat.com/show_bug.cgi?id=2232324
- https://access.redhat.com/errata/RHSA-2023:4693
- https://access.redhat.com/security/cve/CVE-2023-4380
- https://bugzilla.redhat.com/show_bug.cgi?id=2232324
Products affected by CVE-2023-4380
-
cpe:2.3:a:redhat:ansible_automation_platform:2.4
-
cpe:2.3:a:redhat:ansible_developer:1.1
-
cpe:2.3:a:redhat:ansible_inside:1.2
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0