6.3
CVE-2023-4380
- EPSS 0.08%
- Published 04.10.2023 15:15:12
- Last modified 21.11.2024 08:34:58
- Source secalert@redhat.com
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
Data provided by the National Vulnerability Database (NVD)
Redhat ≫ Ansible Automation Platform ≫ Version 2.4
Redhat ≫ Ansible Developer ≫ Version 1.1
Redhat ≫ Ansible Inside ≫ Version 1.2
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.234 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.3 | 2.8 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
secalert@redhat.com | 6.3 | 2.8 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.