An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:0733 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:2246 | |
https://access.redhat.com/errata/RHSA-2024:3043 | |
https://access.redhat.com/security/cve/CVE-2024-0690 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 | Issue Tracking |
https://github.com/ansible/ansible/pull/82565 | Issue Tracking Patch |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
History
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2024, 22:37
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. |
14 Feb 2024, 00:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat ansible Inside
Redhat ansible Automation Platform Redhat ansible Redhat Fedoraproject fedora Redhat enterprise Linux Redhat ansible Developer Fedoraproject |
|
CWE | CWE-116 | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking | |
References | () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory | |
References | () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CPE | cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
07 Feb 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Feb 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-06 12:15
Updated : 2024-05-22 17:16
NVD link : CVE-2024-0690
Mitre link : CVE-2024-0690
CVE.ORG link : CVE-2024-0690
JSON object : View
Products Affected
redhat
- ansible
- ansible_developer
- ansible_automation_platform
- ansible_inside
- enterprise_linux
fedoraproject
- fedora