CVE & CISA-KEV Catalog

CVE-2023-4380

MEDIUM
6.3
CVSS v3
NVD

Description

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

How to fix

Remediation Available
automation-eda-controllerRed Hat / RHEL
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
automation-eda-controllerRocky
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
automation-eda-controller-serverRocky
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
automation-eda-controller-serverRed Hat / RHEL
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
automation-eda-controller-uiRocky
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
automation-eda-controller-uiRed Hat / RHEL
Fixed in:0:1.0.1-1.el8apRHSA-2023:4693
Fixed in:0:1.0.1-1.el9apRHSA-2023:4693
python-cryptographyRed Hat / RHEL
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python-cryptographyRocky
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python-cryptography-debugsourceRocky
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python-cryptography-debugsourceRed Hat / RHEL
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python-djangoRed Hat / RHEL
Fixed in:0:3.2.20-1.el9apRHSA-2023:4693
python-djangoRocky
Fixed in:0:3.2.20-1.el9apRHSA-2023:4693
python-requestsRocky
Fixed in:0:2.31.0-1.el9apRHSA-2023:4693
python-requestsRed Hat / RHEL
Fixed in:0:2.31.0-1.el9apRHSA-2023:4693
python-rsaRocky
Fixed in:0:4.7.2-1.el9apRHSA-2023:4693
python-rsaRed Hat / RHEL
Fixed in:0:4.7.2-1.el9apRHSA-2023:4693
python3-cryptographyRocky
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python3-cryptographyRed Hat / RHEL
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python3-cryptography-debuginfoRed Hat / RHEL
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python3-cryptography-debuginfoRocky
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
Fixed in:0:38.0.4-2.el9apRHSA-2023:4693
python3-djangoRed Hat / RHEL
Fixed in:0:3.2.20-1.el9apRHSA-2023:4693
python3-djangoRocky
Fixed in:0:3.2.20-1.el9apRHSA-2023:4693
python3-requestsRed Hat / RHEL
Fixed in:0:2.31.0-1.el9apRHSA-2023:4693
python3-requestsRocky
Fixed in:0:2.31.0-1.el9apRHSA-2023:4693
python3-rsaRocky
Fixed in:0:4.7.2-1.el9apRHSA-2023:4693
python3-rsaRed Hat / RHEL
Fixed in:0:4.7.2-1.el9apRHSA-2023:4693
python39-cryptographyRed Hat / RHEL
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python39-cryptographyRocky
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python39-cryptography-debuginfoRed Hat / RHEL
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python39-cryptography-debuginfoRocky
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python39-djangoRocky
Fixed in:0:3.2.20-1.el8apRHSA-2023:4693
python39-djangoRed Hat / RHEL
Fixed in:0:3.2.20-1.el8apRHSA-2023:4693
python39-requestsRocky
Fixed in:0:2.31.0-1.el8apRHSA-2023:4693
python39-requestsRed Hat / RHEL
Fixed in:0:2.31.0-1.el8apRHSA-2023:4693
python39-rsaRocky
Fixed in:0:4.7.2-1.el8apRHSA-2023:4693
python39-rsaRed Hat / RHEL
Fixed in:0:4.7.2-1.el8apRHSA-2023:4693
python3x-cryptographyRed Hat / RHEL
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python3x-cryptographyRocky
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python3x-cryptography-debugsourceRed Hat / RHEL
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python3x-cryptography-debugsourceRocky
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
Fixed in:0:38.0.4-2.el8apRHSA-2023:4693
python3x-djangoRocky
Fixed in:0:3.2.20-1.el8apRHSA-2023:4693
python3x-djangoRed Hat / RHEL
Fixed in:0:3.2.20-1.el8apRHSA-2023:4693
python3x-requestsRed Hat / RHEL
Fixed in:0:2.31.0-1.el8apRHSA-2023:4693
python3x-requestsRocky
Fixed in:0:2.31.0-1.el8apRHSA-2023:4693
python3x-rsaRocky
Fixed in:0:4.7.2-1.el8apRHSA-2023:4693
python3x-rsaRed Hat / RHEL
Fixed in:0:4.7.2-1.el8apRHSA-2023:4693

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityLow

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploit Intelligence

0.52%probability of exploitation in 30 days
40thpercentile

Moderate risk: more likely to be exploited than 40% of all known CVEs.

References

Related Vulnerabilities

Other CWE-532 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-1622Medium5.379%--
CVE-2020-35234High7.563%-Fix
CVE-2023-43261High7.560%-Fix
CVE-2024-20440High7.551%--
CVE-2018-3609High8.122%--
CVE-2018-8719Medium5.316%--
Embed a live status badge for CVE-2023-4380
CVE-2023-4380 severity badge

Markdown

[![CVE-2023-4380](https://tridentstack.com/cve/badge/CVE-2023-4380.svg)](https://tridentstack.com/cve/CVE-2023-4380)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-4380"><img src="https://tridentstack.com/cve/badge/CVE-2023-4380.svg" alt="CVE-2023-4380"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.