← Voltar para CVEs
CVE-2023-4237
HIGH7.3
Descricao
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
Detalhes CVE
Pontuacao CVSS v3.17.3
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado10/4/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
redhat:ansible_automation_platformredhat:ansible_collection
Fraquezas (CWE)
CWE-497
Referencias
https://access.redhat.com/errata/RHBA-2023:5653(secalert@redhat.com)
https://access.redhat.com/errata/RHBA-2023:5666(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-4237(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2229979(secalert@redhat.com)
https://access.redhat.com/errata/RHBA-2023:5653(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHBA-2023:5666(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-4237(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2229979(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241025-0002/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.