Bug 2229979 (CVE-2023-4237)
Summary: | CVE-2023-4237 ansible automation platform: ec2_key module prints out the private key directly to the standard output | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vipul Nair <vinair> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adudiak, davidn, epacific, jcammara, jhardy, jneedle, jobarker, kshier, mabashia, osapryki, simaishi, smcdonal, stcannon, teagle, tfister, yguenane, zsadeh |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2229966 |
Description
Vipul Nair
2023-08-08 11:15:56 UTC
This issue has been solved in the following releases: https://access.redhat.com/errata/RHBA-2023:5666 https://access.redhat.com/errata/RHBA-2023:5653 |