CVE-2023-4380

Summary

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 80:1.0.1-1.el8ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 90:1.0.1-1.el9ap < *unaffected

Weaknesses

  • CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CVE Program Container

Additional References

References