Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Published

2023-10-04T15:15:12.643

Last Modified

2024-11-21T08:34:41.347

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-497
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	ansible_automation_platform	2.0	Yes
Application	redhat	ansible_collection	*	Yes

References

https://access.redhat.com/errata/RHBA-2023:5653 ([email protected])
https://access.redhat.com/errata/RHBA-2023:5666 ([email protected])
https://access.redhat.com/security/cve/CVE-2023-4237 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2229979 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHBA-2023:5653 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHBA-2023:5666 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-4237 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2229979 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241025-0002/ (af854a3a-2127-422b-91ae-364da2661108)