CVE-2023-4237

EPSS 0.07%
Published 04.10.2023 15:15:12
Last modified 21.11.2024 08:34:41
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Ansible Automation Platform Version2.0

Redhat ≫ Ansible Collection

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.226

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://access.redhat.com/errata/RHBA-2023:5653

https://access.redhat.com/errata/RHBA-2023:5666

https://access.redhat.com/security/cve/CVE-2023-4237

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2229979

Vendor Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20241025-0002/

https://nvd.nist.gov/vuln/detail/CVE-2023-4237

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4237

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4237

EUVD