Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13dzNtLWZmcm0tcXZxds4AA2Ph

Ansible may expose private key

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Permalink: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dzNtLWZmcm0tcXZxds4AA2Ph
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 6 months ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-ww3m-ffrm-qvqv, CVE-2023-4237
Blast Radius: 21.6

Affected Packages

pypi:ansible-core
Dependent packages: 40
Dependent repositories: 2,140
Downloads: 4,533,750 last month
Affected Version Ranges: >= 2.8.0, <= 2.15.2
No known fixed version
All affected versions: 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.11.5, 2.11.6, 2.11.7, 2.11.8, 2.11.9, 2.11.10, 2.11.11, 2.11.12, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.13.8, 2.13.9, 2.13.10, 2.13.11, 2.13.12, 2.13.13, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5, 2.14.6, 2.14.7, 2.14.8, 2.14.9, 2.14.10, 2.14.11, 2.14.12, 2.14.13, 2.14.14, 2.14.15, 2.14.16, 2.15.0, 2.15.1, 2.15.2