CVE-2023-4380

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

01 Jan 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-04 15:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-4380

Mitre link : CVE-2023-4380

CVE.ORG link : CVE-2023-4380


JSON object : View

Products Affected

redhat

  • ansible_developer
  • ansible_inside
  • ansible_automation_platform
  • enterprise_linux
CWE
CWE-532

Insertion of Sensitive Information into Log File