CVE-2023-4380

Опубликовано: 04 окт. 2023

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Ссылки

https://access.redhat.com/errata/RHSA-2023:4693
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-4380
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2232324
Issue Tracking
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4693
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-4380
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2232324
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00074

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

CVE-2023-4380

CVSS3: 6.3

ubuntu

больше 2 лет назад

CVE-2023-4380

CVSS3: 6.3

redhat

больше 2 лет назад

GHSA-2pfv-q6j2-pcrf

CVSS3: 6.3

github

больше 2 лет назад

A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

EPSS

Процентиль: 22%

0.00074

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-532