8 matches found
Medium: ansible-core
Issue Overview: A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in...
Exposure Of Sensitive Information In Log Files
Ansible is vulnerable to Exposure of Sensitive Information in Log Files. The vulnerability is caused due to insufficient protection of sensitive data when the nolog: true parameter is omitted while loading vaulted variables, allowing sensitive information, such as passwords or API keys, to be...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...
GHSA-H653-95QW-H2MP Ansible leaks sensitive information to logs when told not to
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
Red Hat Ansible Information Disclosure Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and organize computer systems. An information disclosure vulnerability exists in Red Hat Ansible. The vulnerability allows bypassing data access restriction...