Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Published

2024-02-06T12:15:55.530

Last Modified

2025-01-17T20:15:27.403

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-117
Type: Primary
CWE-116

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	ansible	< 2.14.4	Yes
Application	redhat	ansible	< 2.15.9	Yes
Application	redhat	ansible	< 2.16.3	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Application	redhat	ansible_automation_platform	2.4	Yes
Application	redhat	ansible_developer	1.1	Yes
Application	redhat	ansible_inside	1.2	Yes
Operating System	redhat	enterprise_linux	8.0	No
Operating System	redhat	enterprise_linux	9.0	No
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes

References

https://access.redhat.com/errata/RHSA-2024:0733 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:2246 ([email protected])
https://access.redhat.com/errata/RHSA-2024:3043 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-0690 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 Issue Tracking ([email protected])
https://github.com/ansible/ansible/pull/82565 Issue Tracking, Patch ([email protected])
https://access.redhat.com/errata/RHSA-2024:0733 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2246 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:3043 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2024-0690 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/pull/82565 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20250117-0001/ (af854a3a-2127-422b-91ae-364da2661108)