A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HRed Hat Ansible Automation Platform
APPRedhat2.0Red Hat Ansible Collection
APPRedhatwszystkie wersje
Related vulnerabilities
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign ...
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt capture...
A template injection flaw was found in Ansible where a user's controller internal templating operations may re...
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to...
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amaz...