CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2024:2246 - () https://access.redhat.com/errata/RHSA-2024:2246 -
References () https://access.redhat.com/errata/RHSA-2024:3043 - () https://access.redhat.com/errata/RHSA-2024:3043 -
References () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking
References () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 5.0

22 May 2024, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:3043 -

30 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2246 -

25 Mar 2024, 22:37

Type Values Removed Values Added
Summary (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

14 Feb 2024, 00:27

Type Values Removed Values Added
First Time Redhat enterprise Linux
Redhat ansible Automation Platform
Fedoraproject fedora
Fedoraproject
Redhat ansible
Redhat
Redhat ansible Inside
Redhat ansible Developer
CVSS v2 : unknown
v3 : 5.0
v2 : unknown
v3 : 5.5
References () https://access.redhat.com/errata/RHSA-2024:0733 - () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory
References () https://access.redhat.com/security/cve/CVE-2024-0690 - () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking
References () https://github.com/ansible/ansible/pull/82565 - () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch
CPE cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CWE CWE-116

07 Feb 2024, 22:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla de divulgación de información en ansible-core debido a que no se respetó la configuración de ANSIBLE_NO_LOG en algunos escenarios. Se descubrió que la información todavía se incluye en la salida de determinadas tareas, como los elementos del bucle. Dependiendo de la tarea, este problema puede incluir información confidencial, como valores secretos descifrados.
References
  • () https://access.redhat.com/errata/RHSA-2024:0733 -

06 Feb 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 12:15

Updated : 2024-11-21 08:47


NVD link : CVE-2024-0690

Mitre link : CVE-2024-0690

CVE.ORG link : CVE-2024-0690


JSON object : View

Products Affected

fedoraproject

  • fedora

redhat

  • ansible
  • ansible_automation_platform
  • ansible_inside
  • ansible_developer
  • enterprise_linux
CWE
CWE-117

Improper Output Neutralization for Logs

CWE-116

Improper Encoding or Escaping of Output