CVE-2023-4237 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-4237

CVE-2023-4237

October 04, 2023

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Related Resources (7)

https://github.com/ansible/ansible

https://access.redhat.com/errata/RHBA-2023:5653

https://access.redhat.com/security/cve/CVE-2023-4237

https://access.redhat.com/errata/RHBA-2023:5666

https://bugzilla.redhat.com/show_bug.cgi?id=2229979

https://nvd.nist.gov/vuln/detail/CVE-2023-4237

https://security.netapp.com/advisory/ntap-20241025-0002/

Do you need more information?

CVSS v4

Base Score:

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

EPSS

Base Score:

0.08

Products

Solutions

Resources

Company

Compare

Developer Tools