Vulnerability Details : CVE-2023-4237
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
Products affected by CVE-2023-4237
- cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4237
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~7% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-4237
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 | Red Hat, Inc. | |
7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | Red Hat, Inc. | |
CWE ids for CVE-2023-4237
- The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2023-4237
- https://bugzilla.redhat.com/show_bug.cgi?id=2229979 (2229979 – (CVE-2023-4237) CVE-2023-4237 ansible automation platform: ec2_key module prints out the private key directly to the standard output; Issue Tracking, Vendor Advisory)
- https://access.redhat.com/errata/RHBA-2023:5666 (RHBA-2023:5666 - Bug Fix Advisory - Red Hat Customer Portal)
- https://access.redhat.com/errata/RHBA-2023:5653 (RHBA-2023:5653 - Bug Fix Advisory - Red Hat Customer Portal)
- https://access.redhat.com/security/cve/CVE-2023-4237 (CVE-2023-4237 - Red Hat Customer Portal; Vendor Advisory)