CVE-2023-4380

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

6.3MEDIUM

EPSS

0.1%

top 77.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Automation Platform Redhat Ansible Developer Redhat Ansible Inside

Timeline

PublishedOct 4

Description

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

▶NVDredhat/ansible_automation_platform2.4

▶NVDredhat/ansible_inside1.2

▶NVDredhat/ansible_developer1.1

🔴Vulnerability Details

OSV

CVE-2023-4380: A logic flaw exists in Ansible Automation platform↗2023-10-04

▶

CVEList

Platform: token exposed at importing project↗2023-10-04

▶

GHSA

GHSA-2pfv-q6j2-pcrf: A logic flaw exists in Ansible↗2023-10-04

▶

📋Vendor Advisories

Red Hat

platform: token exposed at importing project↗2023-08-16

▶