Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13dzNtLWZmcm0tcXZxds4AA2Ph
Ansible may expose private key
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
Permalink: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dzNtLWZmcm0tcXZxds4AA2Ph
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00042
EPSS Percentile: 0.05089
Identifiers: GHSA-ww3m-ffrm-qvqv, CVE-2023-4237
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4237
- https://access.redhat.com/security/cve/CVE-2023-4237
- https://bugzilla.redhat.com/show_bug.cgi?id=2229979
- https://access.redhat.com/errata/RHBA-2023:5653
- https://access.redhat.com/errata/RHBA-2023:5666
- https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
Affected Packages
pypi:ansible-core
Dependent packages: 53
Dependent repositories: 2,140
Downloads: 6,549,155 last month
Affected Version Ranges: >= 2.8.0, <= 2.15.2
No known fixed version
All affected versions: 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.11.5, 2.11.6, 2.11.7, 2.11.8, 2.11.9, 2.11.10, 2.11.11, 2.11.12, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.13.8, 2.13.9, 2.13.10, 2.13.11, 2.13.12, 2.13.13, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5, 2.14.6, 2.14.7, 2.14.8, 2.14.9, 2.14.10, 2.14.11, 2.14.12, 2.14.13, 2.14.14, 2.14.15, 2.14.16, 2.14.17, 2.14.18, 2.15.0, 2.15.1, 2.15.2