Design/Logic Flaw

2020-01-0215:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

CPENameOperatorVersion
debian_linuxeq10.0
backports_sleeq15.0 sp1
leapeq15.1
ansiblege2.9.0
ansiblelt2.9.1
ansiblege2.8.0
ansiblelt2.8.7
ansiblege2.7.0
ansiblelt2.7.15
ansible_towereq3.0

Name	Operator	Version
debian_linux	eq	10.0
backports_sle	eq	15.0 sp1
leap	eq	15.1
ansible	ge	2.9.0
ansible	lt	2.9.1
ansible	ge	2.8.0
ansible	lt	2.8.7
ansible	ge	2.7.0
ansible	lt	2.7.15
ansible_tower	eq	3.0