A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-04T14:23:20.710Z

Updated: 2024-11-23T01:27:07.673Z

Reserved: 2023-08-08T11:15:05.990Z

Link: CVE-2023-4237

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-04T15:15:12.643

Modified: 2024-11-21T08:34:41.347

Link: CVE-2023-4237

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-08-08T11:15:00Z

Links: CVE-2023-4237 - Bugzilla