Platform: ec2_key module prints out the private key directly to the standard output
CVE-2023-4237

7.3HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Ansible Automation Platform 2.4 For Rhel 8
Red Hat Ansible Automation Platform 2.4 For Rhel 9
Vendor
CVE Published:
4 October 2023

What is CVE-2023-4237?

A vulnerability exists within the Ansible Automation Platform that causes the ec2_key module to expose private keys to standard output when generating new keypairs. This flaw can lead to unauthorized access if attackers can access log files, thus compromising the confidentiality and integrity of the system. Users of the Ansible Automation Platform should review their logging practices and ensure proper security measures are taken to protect sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Ansible Automation Platform 2.4 for RHEL 8 1.0.0-423

Red Hat Ansible Automation Platform 2.4 for RHEL 9 1.0.0-424

References

https://access.redhat.com/errata/RHBA-2023:5653
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2023:5666
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-4237
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue.
JSON
.