← back
CVE-2023-4380

Platform: token exposed at importing project

CVSS 6.3 MEDIUMEPSS 0.5%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
04 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
Red Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 8Red Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 9

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2023:4693https://access.redhat.com/security/cve/CVE-2023-4380https://bugzilla.redhat.com/show_bug.cgi?id=2232324