CVE-2019-14864

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14864
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14864.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-14864
Aliases
Downstream
Related
Published
2020-01-02T15:15:12Z
Modified
2025-09-30T07:52:18.165617Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events

Affected versions

v2.*

v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9