CVE-2023-4237

Summary

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 81.0.0-423 < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 91.0.0-424 < *unaffected

Weaknesses

  • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CVE Program Container

Additional References

References