CVE-2023-4380

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 4, 2023

Updated: Jan 1, 2024

CWE ID 200

Summary

CVE-2023-4380 is a logic flaw discovered in Ansible Automation platform. When a user creates a private project with incorrect credentials, these credentials are logged in plaintext. The vulnerability exposes confidential information, making it easier for attackers to gain unauthorized access, compromise data integrity, and potentially disrupt system availability. This issue underscores the importance of secure credential management in automation platforms.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

python-urllib3
Fedora Operating System
Debian

Affected Vendors

Debian
Fedora Project
Python Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swxhxw
https://www.cve.org/CVERecord?id=CVE-2023-4380
https://nvd.nist.gov/vuln/detail/CVE-2023-4380

Back to Vulnerability Database