6.3
CVE-2023-4380
- EPSS 0.08%
- Published 04.10.2023 15:15:12
- Last modified 21.11.2024 08:34:58
- Source secalert@redhat.com
A logic flaw exists in Ansible Automation Platform. Whenever a private project is created with incorrect credentials, the credentials are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Ansible Automation Platform Version 2.4
Redhat ≫ Ansible Developer Version 1.1
Redhat ≫ Ansible Inside Version 1.2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.234 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.3 | 2.8 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
secalert@redhat.com | 6.3 | 2.8 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.