Vulnerability/
REDHAT-BUG-2229979

REDHAT-BUG-2229979

Published Aug 8, 2023

Updated

"When creating a new keypair the ec2_key module prints out the private key directly to the standard output. I wasn't able to find any way to disable this behavior in the module's documentation. This makes it unusable in any kind of public CI workflow such as GHA." Confirmed impacting all collection releases, and back to ansible-core 2.8 (did not test further back).

Affected Software

1 affected component

Ansible ec2_key module>=2.8

Event History

Aug 8, 2023

Data Sourced

via Red Hat·11:15 AM

DescriptionSeverityAffected Software

Frequently Asked Questions

What is the severity of REDHAT-BUG-2229979?

REDHAT-BUG-2229979 is considered a significant security concern due to the exposure of private keys in public CI workflows.

How do I fix REDHAT-BUG-2229979?

Currently, there is no documented method to disable the direct printing of the private key in the ec2_key module, so avoid using it in public environments until resolved.

Which software is affected by REDHAT-BUG-2229979?

The ec2_key module in Ansible, version 2.8 and above, is affected by REDHAT-BUG-2229979.

Is there a workaround for REDHAT-BUG-2229979?

No effective workaround has been provided to prevent private key output in REDHAT-BUG-2229979.

When was REDHAT-BUG-2229979 reported?

REDHAT-BUG-2229979 was reported recently and affects multiple versions of the Ansible ec2_key module.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.