An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:0733 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:2246 | |
https://access.redhat.com/errata/RHSA-2024:3043 | |
https://access.redhat.com/security/cve/CVE-2024-0690 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 | Issue Tracking |
https://github.com/ansible/ansible/pull/82565 | Issue Tracking Patch |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
History
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2024, 22:37
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. |
14 Feb 2024, 00:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux
Redhat ansible Automation Platform Fedoraproject fedora Fedoraproject Redhat ansible Redhat Redhat ansible Inside Redhat ansible Developer |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking | |
References | () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch | |
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
|
CWE | CWE-116 |
07 Feb 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
06 Feb 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-06 12:15
Updated : 2024-05-22 17:16
NVD link : CVE-2024-0690
Mitre link : CVE-2024-0690
CVE.ORG link : CVE-2024-0690
JSON object : View
Products Affected
redhat
- ansible_automation_platform
- ansible
- ansible_developer
- ansible_inside
- enterprise_linux
fedoraproject
- fedora