CVE-2023-4237 Vulnerability Details

CVE-2023-4237 Metadata Quick Info

CVE Published: 04/10/2023 | CVE Updated: 23/11/2024 | CVE Year: 2023
Source: redhat | Vendor: Red Hat | Product: Red Hat Ansible Automation Platform 2.4 for RHEL 8
Status: PUBLISHED

CVE-2023-4237 Description

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-497
CWE Name: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).