20 matches found
Astra Linux – Vulnerability in Ansible
Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the “nolog” flag set to True when using Sumologic and Splunk callback plugins to send task result events to collectors. This could lead to the disclosure and collection of sensitive data...
AZL-53180 CVE-2024-8775 affecting package ansible 2.14.18-1
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
SUSE CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLENOLOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as...
SUSE CVE-2018-10855
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
CVE-2020-10698
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the nolog flag when...
The vulnerabilities of Splunk and Sumologic modules in the configuration management system Ansible, which allow a hacker to gain unauthorized access to protected information.
The vulnerability of Splunk and Sumologic modules in the Ansible configuration management system is related to the absence of the “nolog” flag. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
ALPINE-CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...
DEBIAN-CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...
UBUNTU-CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag nolog set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data...
PT-2020-3040
Name of the Vulnerable Software and Affected Versions Ansible versions 2.7.x through 2.7.14 Ansible versions 2.8.x through 2.8.6 Ansible versions 2.9.x through 2.9.0 Description The issue is related to the absence of consideration for the no log flag in Ansible's system management configuration...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
Ansible: gcp modules do not flag sensitive data fields properly
A flaw was found in the gcp module of ansible. Certain fields managing sensitive data should be marked by the nolog feature. The serviceaccountcontents, which is common class for all gcp modules, is not being set as nolog to True. Any sensitive data managed by that function would be leaked as an...
ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
PYSEC-2018-42
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
ALPINE-CVE-2018-10855
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
DEBIAN-CVE-2018-10855
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...