GHSA-3m93-m4q6-mc6v

Source

https://github.com/advisories/GHSA-3m93-m4q6-mc6v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-3m93-m4q6-mc6v/GHSA-3m93-m4q6-mc6v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3m93-m4q6-mc6v

Aliases

Published

2020-02-26T19:54:31Z

Modified

2024-09-04T20:34:48.736459Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible

Details

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

References

Affected packages

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7.0a1

Fixed

2.7.15

Affected versions

2.*

2.7.0a1

2.7.0b1

2.7.0rc1

2.7.0rc2

2.7.0rc3

2.7.0rc4

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.7.10

2.7.11

2.7.12

2.7.13

2.7.14

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0a1

Fixed

2.8.7

Affected versions

2.*

2.8.0a1

2.8.0b1

2.8.0rc1

2.8.0rc2

2.8.0rc3

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.9.0a1

Fixed

2.9.1

Affected versions

2.*

2.9.0b1

2.9.0rc1

2.9.0rc2

2.9.0rc3

2.9.0rc4

2.9.0rc5

2.9.0