GHSA-h24r-m9qc-pvpg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h24r-m9qc-pvpg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-h24r-m9qc-pvpg/GHSA-h24r-m9qc-pvpg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h24r-m9qc-pvpg
- Aliases
-
- CVE-2024-0690
- PYSEC-2024-36
- Published
- 2024-02-06T12:30:31Z
- Modified
- 2024-05-22T18:56:04.796952Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Ansible-core information disclosure flaw
- Details
-
An information disclosure flaw was found in ansible-core due to a failure to respect the
ANSIBLE_NO_LOGconfiguration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-0690
- https://github.com/ansible/ansible/pull/82565
- https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032
- https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1
- https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532
- https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
- https://access.redhat.com/errata/RHSA-2024:0733
- https://access.redhat.com/errata/RHSA-2024:2246
- https://access.redhat.com/errata/RHSA-2024:3043
- https://access.redhat.com/security/cve/CVE-2024-0690
- https://bugzilla.redhat.com/show_bug.cgi?id=2259013
- https://github.com/ansible/ansible
- https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml
Affected packages
PyPI / ansible-core
Package
- Name
- ansible-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.14.14
Affected versions
0.*
0.0.1a1
2.*
2.11.0b1
2.11.0b2
2.11.0b3
2.11.0b4
2.11.0rc1
2.11.0rc2
2.11.0
2.11.1rc1
2.11.1
2.11.2rc1
2.11.2
2.11.3rc1
2.11.3
2.11.4rc1
2.11.4
2.11.5rc1
2.11.5
2.11.6rc1
2.11.6
2.11.7rc1
2.11.7
2.11.8rc1
2.11.8
2.11.9rc1
2.11.9
2.11.10rc1
2.11.10
2.11.11rc1
2.11.11
2.11.12rc1
2.11.12
2.12.0b1
2.12.0b2
2.12.0rc1
2.12.0
2.12.1rc1
2.12.1
2.12.2rc1
2.12.2
2.12.3rc1
2.12.3
2.12.4rc1
2.12.4
2.12.5rc1
2.12.5
2.12.6rc1
2.12.6
2.12.7rc1
2.12.7
2.12.8rc1
2.12.8
2.12.9rc1
2.12.9
2.12.10rc1
2.12.10
2.13.0b0
2.13.0b1
2.13.0rc1
2.13.0
2.13.1rc1
2.13.1
2.13.2rc1
2.13.2
2.13.3rc1
2.13.3
2.13.4rc1
2.13.4
2.13.5rc1
2.13.5
2.13.6rc1
2.13.6
2.13.7rc1
2.13.7
2.13.8rc1
2.13.8
2.13.9rc1
2.13.9
2.13.10rc1
2.13.10
2.13.11rc1
2.13.11
2.13.12rc1
2.13.12
2.13.13rc1
2.13.13
2.14.0b1
2.14.0b2
2.14.0b3
2.14.0rc1
2.14.0rc1.post0
2.14.0rc2
2.14.0
2.14.1rc1
2.14.1
2.14.2rc1
2.14.2
2.14.3rc1
2.14.3
2.14.4rc1
2.14.4
2.14.5rc1
2.14.5
2.14.6rc1
2.14.6
2.14.7rc1
2.14.7
2.14.8rc1
2.14.8
2.14.9rc1
2.14.9
2.14.10rc1
2.14.10
2.14.11rc1
2.14.11
2.14.12rc1
2.14.12
2.14.13
2.14.14rc1
PyPI / ansible-core
Package
- Name
- ansible-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-core
PyPI / ansible-core
Package
- Name
- ansible-core
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansible-core