CVE-2023-4237
Platform: ec2_key module prints out the private key directly to the standard output
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
| CWE | CWE-497 |
| Vendor | red hat |
| Product | red hat ansible automation platform 2.4 for rhel 8 |
| Published | Oct 4, 2023 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat ansible automation platform 2.4 for rhel 8
Be the first to know when new high vulnerabilities affecting red hat red hat ansible automation platform 2.4 for rhel 8 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Red Hat Ansible Automation Platform 2.4 for RHEL 8
All versions affected Red Hat / Red Hat Ansible Automation Platform 2.4 for RHEL 8
All versions affected Red Hat / Red Hat Ansible Automation Platform 2.4 for RHEL 9
All versions affected Red Hat / Red Hat Ansible Automation Platform 2.4 for RHEL 9
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHBA-2023:5653 access.redhat.com: https://access.redhat.com/errata/RHBA-2023:5666 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-4237 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2229979 security.netapp.com: https://security.netapp.com/advisory/ntap-20241025-0002/
Credits
Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue.