Vulnerability Description
A logic flaw exists in Ansible Automation Platform. Whenever a private project is created with incorrect credentials, those credentials are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Automation Platform | 2.4 |
| Redhat | Ansible Developer | 1.1 |
| Redhat | Ansible Inside | 1.2 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:4693 (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2023-4380 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2232324 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2023-4380?
CVE-2023-4380 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A logic flaw exists in Ansible Automation Platform. Whenever a private project is created with incorrect credentials, those credentials are logged in plaintext. This flaw allows an attacker to retrieve the credent...
How severe is CVE-2023-4380?
CVE-2023-4380 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-4380?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Automation Platform, Redhat Ansible Developer, Redhat Ansible Inside, Redhat Enterprise Linux.