CVE-2023-4237

Name of the Vulnerable Software and Affected Versions Ansible Automation Platform (affected versions not specified)

Description The issue is related to a flaw in the ec2 key module of the Ansible Automation Platform, which is connected to shortcomings in the authorization procedure. This flaw allows an attacker to obtain access to confidential data, compromise their integrity, and cause a denial of service. Specifically, when creating a new keypair, the ec2 key module prints out the private key directly to the standard output, enabling an attacker to fetch those keys from the log files and compromise the system's confidentiality, integrity, and availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.