Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4380

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Published

2023-10-04T15:15:12.703

Last Modified

2024-11-21T08:34:58.260

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-532
  • Type: Primary
    CWE-532
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat ansible_automation_platform 2.4 Yes
Application redhat ansible_developer 1.1 Yes
Application redhat ansible_inside 1.2 Yes
Operating System redhat enterprise_linux 8.0 No
Operating System redhat enterprise_linux 9.0 No
References