CVE-2019-14864

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-14864

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14864.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-14864

Aliases

Downstream

ALPINE-CVE-2019-14864

DEBIAN-CVE-2019-14864

DSA-4950-1

RHSA-2019:3925

RHSA-2019:3926

RHSA-2019:3927

RHSA-2019:3928

SUSE-SU-2020:3309-1

UBUNTU-CVE-2019-14864

openSUSE-SU-2020:0513-1

openSUSE-SU-2020:0523-1

openSUSE-SU-2024:10615-1

openSUSE-SU-2024:14244-1

openSUSE-SU-2024:14536-1

Related

Published

2020-01-02T15:15:12Z

Modified

2025-09-30T07:52:18.165617Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0a07068054090d5b78b27496aa251be74c484b45

Fixed

0623dedf2d9c4afc09e5be30d3ef249f9d1ebece

Affected versions

v2.*

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.14

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9