CVE-2023-3971
CVE-2023-3971 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ansible Automation Controller | < 4.3.11 |
| Redhat | Ansible Automation Controller | 4.4 |
| Redhat | Ansible Automation Platform | 2.3 |
| Redhat | Ansible Automation Platform | 2.4 |
| Redhat | Ansible Developer | 1.0 |
| Redhat | Ansible Inside | 1.1 |
References
- https://access.redhat.com/errata/RHSA-2023:4340 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:4590 (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2023-3971 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2226965 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
