HIGH✓ PATCH🇬🇧 English

CVE-2023-4237

CVSS 7.3v3.1pub. 2023-10-04upd. 2024-11-21

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Red Hat Ansible Automation Platform

    APP
    Redhat
    2.0
  • Red Hat Ansible Collection

    APP
    Redhat
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-7143HIGH8.3ten sam produkt

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign ...

CVE-2023-50782HIGH7.5ten sam produkt

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt capture...

CVE-2023-5764HIGH7.1ten sam produkt

A template injection flaw was found in Ansible where a user's controller internal templating operations may re...

CVE-2023-3971HIGH7.3ten sam produkt

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to...

CVE-2022-3697HIGH7.5ten sam produkt

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amaz...