A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.

Affected Packages

PyPI ansible-core

Affected versions: 2.8.0 (last affected: 2.15.2)

Related CVEs

CVE-2023-4237

Key Information

GHSA ID

GHSA-ww3m-ffrm-qvqv

Published

October 4, 2023 3:30 PM

Last Modified

October 10, 2023 10:29 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

ansible-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.