CVE-2024-0690

CWE-117 | CWE-116 | 9 documents | 7 sources
Severity
5.5 MEDIUM
EPSS
0.1%
top 79.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 6
Latest update: Feb 13

Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.3 | Impact: 3.6

Affected Packages (7 packages)

PyPI | ansible-core | 2.16.0 | 2.16.3 | +3
Debian | ansible-core | < 2.14.16-0+deb12u1 | +2
NVD | redhat/ansible | 2.15.0 | 2.15.9 | +2
Debian | ansible | < 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 | +3

Also affects: Fedora 38, 39, Enterprise Linux 8.0, 9.0

Patches

🔴 Vulnerability Details

5
OSV
Ansible-core information disclosure flaw (2024-02-06)
OSV
CVE-2024-0690: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios (2024-02-06)
CVEList
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration (2024-02-06)
GHSA
Ansible-core information disclosure flaw (2024-02-06)
OSV
CVE-2024-0690: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios (2024-02-06)

📋 Vendor Advisories

3
Microsoft
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration (2024-02-13)
Red Hat
ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (2024-01-18)
Debian
CVE-2024-0690: ansible - An information disclosure flaw was found in ansible-core due to a failure to res... (2024)