ansible is vulnerable to information disclosure. When Sumologic and Splunk callback plugins are used with a setting of no_log
parameter set to true
, it disrespects the setting, causing a leakage of tasks results events to collectors and discloses any sensitive data.
lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
github.com/ansible/ansible/compare/20be8693ba4a1c88936e98f3702a409e563c858f...7681345f417ba6a5ddef2187ef519c35ffea36d4
github.com/ansible/ansible/issues/63522
github.com/ansible/ansible/pull/63527
www.debian.org/security/2021/dsa-4950