Controller: html injection in custom login info
CVE-2023-3971

7.3HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Ansible Automation Platform 2.3 For Rhel 8
Red Hat Ansible Automation Platform 2.3 For Rhel 9
Red Hat Ansible Automation Platform 2.4 For Rhel 8
Red Hat Ansible Automation Platform 2.4 For Rhel 9
Vendor
CVE Published:
4 October 2023

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-3971?

An HTML injection vulnerability exists in the user interface settings of Red Hat Controller, which allows attackers to inject malicious HTML code. This can lead to the creation of custom login pages designed to capture user credentials. As a result, attackers may gain unauthorized access to sensitive information by tricking users into entering their credentials on these fraudulent pages.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Ansible Automation Platform 2.3 for RHEL 8 0:4.3.11-1.el8ap

Red Hat Ansible Automation Platform 2.3 for RHEL 9 0:4.3.11-1.el9ap

Red Hat Ansible Automation Platform 2.4 for RHEL 8 0:4.4.1-1.el8ap

References

https://access.redhat.com/errata/RHSA-2023:4340
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:4590
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3971
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue.
JSON
.