CVE-2023-4237: 
Ansible vulnerability analysis and mitigation

A vulnerability was identified in the Ansible Automation Platform's ec2_key module (CVE-2023-4237). The flaw involves the module printing private keys directly to standard output when creating new keypairs, which was discovered on August 8, 2023. This vulnerability affects various versions of Ansible Automation Platform 2.0 and Ansible collections (Red Hat Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue stems from the ec2_key module's behavior of printing private key material directly to standard output during keypair creation operations, which subsequently gets captured in log files. This vulnerability has been classified under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) (NVD).

The vulnerability's exploitation could lead to unauthorized access to private keys through log files, potentially compromising the system's confidentiality, integrity, and availability. This is particularly problematic in public CI workflow environments such as GitHub Actions, where logs might be accessible to unauthorized parties (Bugzilla).

The vulnerability has been addressed in subsequent releases, with fixes available through Red Hat's errata updates RHBA-2023:5666 and RHBA-2023:5653. Organizations using affected versions should upgrade to the patched versions to mitigate this security risk (Red Hat Advisory, Red Hat Advisory).