PT-2023-28992 · Ansible · Ansible Automation Platform

Vipul Nair

Publicado

2023-08-16

Atualizado

2024-01-01

CVE-2023-4380

CVSS v3.1

6.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Ansible Automation platform (affected versions not specified)

Description A logic flaw exists in the Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2023-4380

RHSA-2023:4693

Produtos afetados

Ansible Automation Platform

PT-2023-28992 · Ansible · Ansible Automation Platform

CVE-2023-4380

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13