CVE-2023-4380
Summary
| CVE | CVE-2023-4380 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-04 15:15:00 UTC |
| Updated | 2024-01-01 23:15:00 UTC |
| Description | A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ansible Automation Platform | 2.4 | All | All | All |
| Application | Redhat | Ansible Developer | 1.1 | All | All | All |
| Application | Redhat | Ansible Inside | 1.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2232324 – (CVE-2023-4380) CVE-2023-4380 Ansible: token exposed at importing project | MISC | bugzilla.redhat.com | |
| Red Hat | MISC | access.redhat.com | |
| cve-details | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.