CVE-2024-0690

Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration

CVSS 5 MEDIUMEPSS 0.3%CWE-117

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

06 feb 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Productos afectados

ansibleRed Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 8 Red Hat · Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2024:0733 https://access.redhat.com/errata/RHSA-2024:2246 https://access.redhat.com/errata/RHSA-2024:3043 https://access.redhat.com/security/cve/CVE-2024-0690 https://bugzilla.redhat.com/show_bug.cgi?id=2259013 https://github.com/ansible/ansible/pull/82565 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ/https://security.netapp.com/advisory/ntap-20250117-0001/