CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

22 May 2024, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3043 -

30 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2246 -

25 Mar 2024, 22:37

Type Values Removed Values Added
Summary (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

14 Feb 2024, 00:27

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CWE CWE-116
References () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking
References () https://access.redhat.com/errata/RHSA-2024:0733 - () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory
References () https://access.redhat.com/security/cve/CVE-2024-0690 - () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory
References () https://github.com/ansible/ansible/pull/82565 - () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Redhat ansible Inside
Redhat ansible Automation Platform
Redhat ansible
Redhat
Fedoraproject fedora
Redhat enterprise Linux
Redhat ansible Developer
Fedoraproject

07 Feb 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0733 -

06 Feb 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 12:15

Updated : 2024-05-22 17:16


NVD link : CVE-2024-0690

Mitre link : CVE-2024-0690

CVE.ORG link : CVE-2024-0690


JSON object : View

Products Affected

redhat

  • enterprise_linux
  • ansible
  • ansible_inside
  • ansible_automation_platform
  • ansible_developer

fedoraproject

  • fedora
CWE
CWE-116

Improper Encoding or Escaping of Output

CWE-117

Improper Output Neutralization for Logs