CVE-2023-4237

moderate-risk

Published 2023-10-04

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.3/10 High

LOCAL / LOW complexity

Affected Products (2)

Ansible Automation Platform

Ansible Collection

Affected Vendors

Redhat

References (9)

https://access.redhat.com/errata/RHBA-2023:5653

https://access.redhat.com/errata/RHBA-2023:5666

Vendor Advisory https://access.redhat.com/security/cve/CVE-2023-4237

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2229979

https://access.redhat.com/errata/RHBA-2023:5653

https://access.redhat.com/errata/RHBA-2023:5666

Vendor Advisory https://access.redhat.com/security/cve/CVE-2023-4237

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2229979

https://security.netapp.com/advisory/ntap-20241025-0002/

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 0/34 · Minimal

Exposure 7/34 · Low