CVE-2023-4380

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:34

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2023:4693 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2023:4693 - Vendor Advisory
References () https://access.redhat.com/security/cve/CVE-2023-4380 - Vendor Advisory () https://access.redhat.com/security/cve/CVE-2023-4380 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2232324 - Issue Tracking, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2232324 - Issue Tracking, Vendor Advisory

01 Jan 2024, 23:15

Type Values Removed Values Added
Summary A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

10 Oct 2023, 18:51

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2232324 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2232324 - Issue Tracking, Vendor Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4380 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4380 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4693 - (MISC) https://access.redhat.com/errata/RHSA-2023:4693 - Vendor Advisory
CWE CWE-532
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3
First Time Redhat ansible Automation Platform
Redhat
Redhat enterprise Linux
Redhat ansible Inside
Redhat ansible Developer

04 Oct 2023, 15:53

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-04 15:15

Updated : 2024-11-21 08:34


NVD link : CVE-2023-4380

Mitre link : CVE-2023-4380

CVE.ORG link : CVE-2023-4380


JSON object : View

Products Affected

redhat

  • ansible_automation_platform
  • enterprise_linux
  • ansible_inside
  • ansible_developer
CWE
CWE-532

Insertion of Sensitive Information into Log File