CVE-2024-0690

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-117
View all →

Vulnerability Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Related Vulnerabilities

CVE-2020-14332

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unaut...

CWE-1172020

CVE-2023-4065

MEDIUM
CVSS:5.5(Medium)

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local at...

CWE-1172023

CVE-2024-52891

MEDIUM
CVSS:5.4(Medium)

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.

CWE-1172024

CVE-2019-10213

MEDIUM
CVSS:5.3(Medium)

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read...

CWE-1172019

CVE-2019-14854

MEDIUM
CVSS:5.3(Medium)

OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to d...

CWE-1172019

CVE-2019-14864

MEDIUM
CVSS:5.7(Medium)

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used ...

CWE-1172019