Description
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
References (5)
Core 5
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20241025-0002/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2023:5653
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2023:5666
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4237
Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2229979
Scores
CVSS v3
7.3
EPSS
0.0007
EPSS Percentile
21.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-497
Status
published
Products (3)
pypi/ansible-core
2.8.0PyPI
redhat/ansible_automation_platform
2.0
redhat/ansible_collection
Published
Oct 04, 2023
Tracked Since
Feb 18, 2026