CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Published: Oct 4, 2023
Updated: May 10, 2024
CVE: CVE-2023-4237
GHSA: GHSA-ww3m-ffrm-qvqv
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-497

Affected Software
References

Software	From	Fixed in
redhat / ansible_automation_platform	2.0	2.0.x
redhat / ansible_collection	-	-
ansible-core	2.8.0	2.15.2.x

https://access.redhat.com/errata/RHBA-2023:5653
https://access.redhat.com/errata/RHBA-2023:5666
https://access.redhat.com/security/cve/CVE-2023-4237
https://bugzilla.redhat.com/show_bug.cgi?id=2229979
https://security.netapp.com/advisory/ntap-20241025-0002/

Vulnerability Database

289,598

CVE-2023-4237