CVE-2019-14846
published 2019-10-08CVE-2019-14846: In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ansible | < ansible 2.8.6+dfsg-1 (bookworm) | ansible 2.8.6+dfsg-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| red_hat | ansible | — | — |
| redhat | ansible | >= 0 < 2.8.6+dfsg-1 | 2.8.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.8.6+dfsg-1 | 2.8.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.8.6+dfsg-1 | 2.8.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.8.6+dfsg-1 | 2.8.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.6.20 | 2.6.20 |
| redhat | ansible | >= 0 < 1.5.4+dfsg-1ubuntu0.1~esm3 | 1.5.4+dfsg-1ubuntu0.1~esm3 |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3+esm6 | 2.0.0.2-2ubuntu1.3+esm6 |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3+esm5 | 2.0.0.2-2ubuntu1.3+esm5 |
| redhat | ansible | >= 0 < 2.5.1+dfsg-1ubuntu0.1+esm5 | 2.5.1+dfsg-1ubuntu0.1+esm5 |
| redhat | ansible | >= 0 < 2.9.6+dfsg-1ubuntu0.1~esm3 | 2.9.6+dfsg-1ubuntu0.1~esm3 |
| redhat | ansible | >= 2.7.0a1 < 2.7.14 | 2.7.14 |
| redhat | ansible | >= 2.8.0a1 < 2.8.6 | 2.8.6 |
| redhat | ansible_engine | < 2.6.20 | 2.6.20 |
| redhat | ansible_engine | — | — |
| redhat | ansible_engine | — | — |
| redhat | ansible_engine | >= 2.7.0 < 2.7.14 | 2.7.14 |
| redhat | ansible_engine | >= 2.8.0 < 2.8.6 | 2.8.6 |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH