CVE-2023-28609: Ansible Semaphore mishandles authentication

March 18, 2023 (updated March 23, 2023)

api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication.

References

github.com/advisories/GHSA-pmhg-cmjc-3875
github.com/ansible-semaphore/semaphore/commit/3e4a62b7f2b1ef0660c9fb839818a53c80a5a8b1
github.com/ansible-semaphore/semaphore/releases/tag/v2.8.89
nvd.nist.gov/vuln/detail/CVE-2023-28609

Detect and mitigate CVE-2023-28609 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →