What is CVE-2023-4380?

CVE-2023-4380 is a logic flaw vulnerability in Ansible that allows an attacker to retrieve credentials from the log.

How does CVE-2023-4380 affect the affected software?

CVE-2023-4380 affects the affected software by logging credentials in plaintext, leading to the loss of confidentiality, integrity, and availability.

What is the severity of CVE-2023-4380?

The severity of CVE-2023-4380 is medium with a severity value of 6.3.

How can I fix CVE-2023-4380?

To fix CVE-2023-4380, update to version 1.0.1 of the 'automation-eda-controller' package or update to the latest version of the affected software.

What is the Common Weakness Enumeration (CWE) of CVE-2023-4380?

The Common Weakness Enumeration (CWE) of CVE-2023-4380 is CWE-532.

Vulnerability/
CVE-2023-4380

medium

6.3

CWE

532

16/8/2023

4/10/2023

1/5/2024

CVE-2023-4380: Ansible automation platform: token exposed at importing project

First published: Wed Aug 16 2023(Updated: )

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
All of
Any of
Redhat Ansible Automation Platform	=2.4
Redhat Ansible Developer	=1.1
Redhat Ansible Inside	=1.2
Any of
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
Redhat Ansible Automation Platform	=2.4
Redhat Ansible Developer	=1.1
Redhat Ansible Inside	=1.2
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
redhat/automation-eda-controller	<1.0.1	1.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-4380?
CVE-2023-4380 is a logic flaw vulnerability in Ansible that allows an attacker to retrieve credentials from the log.
How does CVE-2023-4380 affect the affected software?
CVE-2023-4380 affects the affected software by logging credentials in plaintext, leading to the loss of confidentiality, integrity, and availability.
What is the severity of CVE-2023-4380?
The severity of CVE-2023-4380 is medium with a severity value of 6.3.
How can I fix CVE-2023-4380?
To fix CVE-2023-4380, update to version 1.0.1 of the 'automation-eda-controller' package or update to the latest version of the affected software.
What is the Common Weakness Enumeration (CWE) of CVE-2023-4380?
The Common Weakness Enumeration (CWE) of CVE-2023-4380 is CWE-532.

collector/nvd-index
agent/type
agent/first-publish-date
agent/author
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/title
agent/references
agent/weakness
agent/severity
agent/softwarecombine
agent/event
agent/tags
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-4380
agent/last-modified-date
agent/description
collector/mitre-cve
source/MITRE
vendor/redhat
canonical/redhat ansible automation platform
version/redhat ansible automation platform/2.4
canonical/redhat ansible developer
version/redhat ansible developer/1.1
canonical/redhat ansible inside
version/redhat ansible inside/1.2
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
version/redhat enterprise linux/9.0
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.