Lucene search

K

GoogleOSV:GHSA-J667-C2HM-F2WP

HistoryFeb 09, 2022 - 9:59 p.m.

Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible

2022-02-0921:59:39

Google

osv.dev

16

0.0005 Low

EPSS

Percentile

17.1%

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (–check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

CPENameOperatorVersion
ansibleeq1.6.1
ansibleeq1.9.3
ansibleeq2.7.3
ansibleeq1.8
ansibleeq2.7.4
ansibleeq1.8.4
ansibleeq1.8.2
ansibleeq2.8.4
ansibleeq2.6.0
ansibleeq1.5.5

Rows per page:

1-10 of 1851

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332

github.com/ansible/ansible

github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#security-fixes-4

github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes-6

github.com/ansible/ansible/pull/71033

nvd.nist.gov/vuln/detail/CVE-2020-14332

www.debian.org/security/2021/dsa-4950

0.0005 Low

EPSS

Percentile

17.1%

Related for OSV:GHSA-J667-C2HM-F2WP

osv3 ubuntucve1 redhatcve1 cve1 prion1 veracode1 cvelist1 alpinelinux1 github1 nvd1 debiancve1 nessus7 fedora2 openvas3 redhat1 debian1 suse1