Vulnerability details: VCID-84ev-sg57-tqdk
Vulnerability ID VCID-84ev-sg57-tqdk
Aliases CVE-2023-4237
GHSA-ww3m-ffrm-qvqv
Summary Ansible may expose private key
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Weaknesses (3)
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHBA-2023:5653
generic_textual MODERATE https://access.redhat.com/errata/RHBA-2023:5653
cvssv3.1 6.5 https://access.redhat.com/errata/RHBA-2023:5666
generic_textual MODERATE https://access.redhat.com/errata/RHBA-2023:5666
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4237.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2023-4237
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2023-4237
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2023-4237
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2023-4237
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2229979
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2229979
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
cvssv3.1 6.5 https://github.com/ansible/ansible
generic_textual MODERATE https://github.com/ansible/ansible
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4237
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4237
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-4237
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2023:5653
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2023:5666

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4237.json

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2023-4237

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2229979

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4237

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4237

Exploit Prediction Scoring System (EPSS)
Percentile 0.22462
EPSS Score 0.00072
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:40:23.377123+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-ww3m-ffrm-qvqv/GHSA-ww3m-ffrm-qvqv.json 37.0.0