An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:0733 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2024-0690 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 | Issue Tracking |
https://github.com/ansible/ansible/pull/82565 | Issue Tracking Patch |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
History
25 Mar 2024, 22:37
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. |
14 Feb 2024, 00:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/errata/RHSA-2024:0733 - Vendor Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2024-0690 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2259013 - Issue Tracking | |
References | () https://github.com/ansible/ansible/pull/82565 - Issue Tracking, Patch | |
CWE | CWE-116 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Redhat enterprise Linux
Redhat ansible Developer Redhat ansible Redhat ansible Automation Platform Redhat Fedoraproject fedora Redhat ansible Inside Fedoraproject |
|
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:* |
07 Feb 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
06 Feb 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-06 12:15
Updated : 2024-03-25 22:37
NVD link : CVE-2024-0690
Mitre link : CVE-2024-0690
CVE.ORG link : CVE-2024-0690
JSON object : View
Products Affected
redhat
- enterprise_linux
- ansible_developer
- ansible_inside
- ansible
- ansible_automation_platform
fedoraproject
- fedora