Description
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:4693
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4380
Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2232324
Scores
CVSS v3
6.3
EPSS
0.0007
EPSS Percentile
22.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-532
Status
published
Products (3)
redhat/ansible_automation_platform
2.4
redhat/ansible_developer
1.1
redhat/ansible_inside
1.2
Published
Oct 04, 2023
Tracked Since
Feb 18, 2026