How severe is CVE-2019-14858?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2019-14858?

This is classified as CWE-117, which is a common weakness in software security.

CVE-2019-14858 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

Related Vulnerabilities

CVE-2019-14846

HIGH

CVSS:7.3(High)

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin ...

CWE-1172019

CVE-2024-32474

HIGH

CVSS:7.3(High)

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs...

CWE-1172024

CVE-2020-25646

HIGH

CVSS:7.5(High)

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality

CWE-1172020

CVE-2024-47083

HIGH

CVSS:7.5(High)

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive...

CWE-1172024

CVE-2024-8297

MEDIUM

CVSS:7.5(High)

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_...

CWE-1172024

CVE-2024-9606

HIGH

CVSS:7.5(High)

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key...

CWE-1172024