Lucene search

Veracode Vulnerability DatabaseVERACODE:46548

HistoryApr 21, 2024 - 5:57 a.m.

Sensitive Information Disclosure

2024-04-2105:57:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ansible

automation

sensitive information disclosure

private keys

confidentiality

integrity

availability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Ansible Automation Platform is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of private keys, where the ec2_key module prints the private key directly to the standard output when creating a new keypair. This flaw allows an attacker to retrieve the keys from log files, compromising the system’s confidentiality, integrity, and availability.

CPENameOperatorVersion
ansible:sideq2.9.13+dfsg-1
ansible:sideq2.9.13+dfsg-1

CPE	Name	Operator	Version
	ansible:sid	eq	2.9.13+dfsg-1
	ansible:sid	eq	2.9.13+dfsg-1

References

access.redhat.com/errata/RHBA-2023:5653

access.redhat.com/errata/RHBA-2023:5666

access.redhat.com/security/cve/CVE-2023-4237

bugzilla.redhat.com/show_bug.cgi?id=2229979

security-tracker.debian.org/tracker/CVE-2023-4237

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for VERACODE:46548