CVE-2023-4237
CVSS V2 None
CVSS V3 None
Description
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
Overview
- CVE ID
- CVE-2023-4237
- Assigner
- redhat
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-04T14:23:20.710Z
- Last Modified Date
- 2024-05-01T20:21:06.124Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/errata/RHBA-2023:5653 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/errata/RHBA-2023:5666 | vendor-advisory x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-4237 | vdb-entry x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229979 | issue-tracking x_refsource_REDHAT |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-4237 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4237 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 19:44:35 | Added to TrackCVE |