GHSA-ww3m-ffrm-qvqv

Source

https://github.com/advisories/GHSA-ww3m-ffrm-qvqv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-ww3m-ffrm-qvqv/GHSA-ww3m-ffrm-qvqv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-ww3m-ffrm-qvqv

Aliases

CVE-2023-4237

Published

2023-10-04T15:30:35Z

Modified

2024-02-16T08:30:57.285495Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Ansible may expose private key

Details

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Database specific

{
    "nvd_published_at": "2023-10-04T15:15:12Z",
    "cwe_ids": [
        "CWE-497"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-10T22:29:26Z"
}

References

Affected packages

PyPI / ansible-core

Package

Name: ansible-core; View open source insights on deps.dev
Purl: pkg:pypi/ansible-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0

Last affected

2.15.2

Affected versions

2.*

2.11.0b1

2.11.0b2

2.11.0b3

2.11.0b4

2.11.0rc1

2.11.0rc2

2.11.0

2.11.1rc1

2.11.1

2.11.2rc1

2.11.2

2.11.3rc1

2.11.3

2.11.4rc1

2.11.4

2.11.5rc1

2.11.5

2.11.6rc1

2.11.6

2.11.7rc1

2.11.7

2.11.8rc1

2.11.8

2.11.9rc1

2.11.9

2.11.10rc1

2.11.10

2.11.11rc1

2.11.11

2.11.12rc1

2.11.12

2.12.0b1

2.12.0b2

2.12.0rc1

2.12.0

2.12.1rc1

2.12.1

2.12.2rc1

2.12.2

2.12.3rc1

2.12.3

2.12.4rc1

2.12.4

2.12.5rc1

2.12.5

2.12.6rc1

2.12.6

2.12.7rc1

2.12.7

2.12.8rc1

2.12.8

2.12.9rc1

2.12.9

2.12.10rc1

2.12.10

2.13.0b0

2.13.0b1

2.13.0rc1

2.13.0

2.13.1rc1

2.13.1

2.13.2rc1

2.13.2

2.13.3rc1

2.13.3

2.13.4rc1

2.13.4

2.13.5rc1

2.13.5

2.13.6rc1

2.13.6

2.13.7rc1

2.13.7

2.13.8rc1

2.13.8

2.13.9rc1

2.13.9

2.13.10rc1

2.13.10

2.13.11rc1

2.13.11

2.13.12rc1

2.13.12

2.13.13rc1

2.13.13

2.14.0b1

2.14.0b2

2.14.0b3

2.14.0rc1

2.14.0rc1.post0

2.14.0rc2

2.14.0

2.14.1rc1

2.14.1

2.14.2rc1

2.14.2

2.14.3rc1

2.14.3

2.14.4rc1

2.14.4

2.14.5rc1

2.14.5

2.14.6rc1

2.14.6

2.14.7rc1

2.14.7

2.14.8rc1

2.14.8

2.14.9rc1

2.14.9

2.14.10rc1

2.14.10

2.14.11rc1

2.14.11

2.14.12rc1

2.14.12

2.14.13

2.14.14rc1

2.14.14

2.15.0b1

2.15.0b2

2.15.0b3

2.15.0rc1

2.15.0rc2

2.15.0

2.15.1rc1

2.15.1

2.15.2rc1

2.15.2