// For flags

CVE-2023-4380

Platform: token exposed at importing project

Severity Score

6.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Existe un defecto lógico en Ansible. Siempre que se crea un proyecto privado con credenciales incorrectas, se registra en texto plano. Esta falla permite que un atacante recupere las credenciales del registro, lo que resulta en la pérdida de confidencialidad, integridad y disponibilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-08-16 CVE Reserved
  • 2023-08-22 CVE Published
  • 2024-09-03 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Ansible Automation Platform
Search vendor "Redhat" for product "Ansible Automation Platform"
 2.4
Search vendor "Redhat" for product "Ansible Automation Platform" and version "2.4"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ansible Automation Platform
Search vendor "Redhat" for product "Ansible Automation Platform"
 2.4
Search vendor "Redhat" for product "Ansible Automation Platform" and version "2.4"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 9.0
Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ansible Developer
Search vendor "Redhat" for product "Ansible Developer"
 1.1
Search vendor "Redhat" for product "Ansible Developer" and version "1.1"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ansible Developer
Search vendor "Redhat" for product "Ansible Developer"
 1.1
Search vendor "Redhat" for product "Ansible Developer" and version "1.1"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 9.0
Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ansible Inside
Search vendor "Redhat" for product "Ansible Inside"
 1.2
Search vendor "Redhat" for product "Ansible Inside" and version "1.2"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ansible Inside
Search vendor "Redhat" for product "Ansible Inside"
 1.2
Search vendor "Redhat" for product "Ansible Inside" and version "1.2"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 9.0
Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"
-
Safe