PT-2023-4750 · Red Hat · Red Hat Ansible
Published
2023-08-28
·
Updated
2026-03-22
·
CVE-2023-4567
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Red Hat Ansible (affected versions not specified)
Description
The issue is related to the lack of protection of the SQL query structure in Red Hat Ansible's configuration management system. Exploitation of this issue could allow a remote attacker to impact the integrity and availability of protected information using the
SOCIAL AUTH GITHUB KEY parameter in the "/api/v2/settings/all/" endpoint.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Ansible