CVE-2023-3971
published 2023-10-04CVE-2023-3971: An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | ansible_automation_controller | < 4.3.11 | 4.3.11 |
| redhat | ansible_automation_controller | — | — |
| redhat | ansible_automation_platform | — | — |
| redhat | ansible_automation_platform | — | — |
| redhat | ansible_developer | — | — |
| redhat | ansible_inside | — | — |