GitHub Advisory DatabaseGHSA-H24R-M9QC-PVPGAnsible-core information disclosure flaw
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.9%
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ansible-core | lt | 2.15.9 | |
| ansible-core | lt | 2.16.3 | |
| ansible-core | lt | 2.14.14 |
References
access.redhat.com/errata/RHSA-2024:0733
access.redhat.com/errata/RHSA-2024:2246
access.redhat.com/errata/RHSA-2024:3043
access.redhat.com/security/cve/CVE-2024-0690
bugzilla.redhat.com/show_bug.cgi?id=2259013
github.com/advisories/GHSA-h24r-m9qc-pvpg
github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032
github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1
github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532
github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
github.com/ansible/ansible/pull/82565
github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml
nvd.nist.gov/vuln/detail/CVE-2024-0690
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.9%