Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3971

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

Published

2023-10-04T15:15:12.430

Last Modified

2024-11-21T08:18:25.690

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-80
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat ansible_automation_controller < 4.3.11 Yes
Application redhat ansible_automation_controller 4.4 Yes
Application redhat ansible_automation_platform 2.3 Yes
Application redhat ansible_automation_platform 2.4 Yes
Application redhat ansible_developer 1.0 Yes
Application redhat ansible_inside 1.1 Yes
Operating System redhat enterprise_linux 8.0 No
Operating System redhat enterprise_linux 9.0 No
References