HIGH🇬🇧 English

CVE-2023-3971

CVSS 7.3v3.1pub. 2023-10-04upd. 2024-11-21

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
  • Red Hat Ansible Automation Controller

    APP
    Redhat
    4.4< 4.3.11
  • Red Hat Ansible Automation Platform

    APP
    Redhat
    2.32.4
  • Red Hat Ansible Developer

    APP
    Redhat
    1.0
  • Red Hat Ansible Inside

    APP
    Redhat
    1.1
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.09.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...