CVE-2024-8775

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-8775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-8775
Aliases
Related
Published
2024-09-14T03:15:08Z
Modified
2024-09-18T03:26:40.815843Z
Summary
[none]
Details

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

References

Affected packages

Debian:11 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.10.7+merged+base+2.10.8+dfsg-1
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1

4.*

4.6.0-1

5.*

5.4.0-1
5.5.0-1

6.*

6.3.0+dfsg-1
6.4.0+dfsg-1

7.*

7.0.0+dfsg-1
7.0.0+dfsg-2
7.1.0+dfsg-1
7.2.0+dfsg-2
7.3.0+dfsg-1
7.7.0+dfsg-1
7.7.0+dfsg-2
7.7.0+dfsg-3

9.*

9.4.0+dfsg-1
9.5.1+dfsg-1

10.*

10.0.0+dfsg-1
10.0.1+dfsg-1
10.1.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ansible-core

Package

Name
ansible-core
Purl
pkg:deb/debian/ansible-core?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.14.3-1
2.14.6-1
2.14.7-1
2.14.8-1
2.14.9-1
2.14.9-2
2.14.10-1
2.14.11-1
2.14.11-2
2.14.13-1
2.14.16-0+deb12u1
2.16.5-1
2.16.6-1
2.17.0-1
2.17.1-1
2.17.2-1
2.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ansible-core

Package

Name
ansible-core
Purl
pkg:deb/debian/ansible-core?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.14.3-1
2.14.6-1
2.14.7-1
2.14.8-1
2.14.9-1
2.14.9-2
2.14.10-1
2.14.11-1
2.14.11-2
2.14.13-1
2.16.5-1
2.16.6-1
2.17.0-1
2.17.1-1
2.17.2-1
2.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}