An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:0733 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:2246 | |
https://access.redhat.com/errata/RHSA-2024:3043 | |
https://access.redhat.com/security/cve/CVE-2024-0690 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 | Issue Tracking |
https://github.com/ansible/ansible/pull/82565 | Issue Tracking Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-02-06T12:00:28.505Z
Updated: 2024-07-05T17:21:35.753Z
Reserved: 2024-01-18T16:03:22.626Z
Link: CVE-2024-0690
JSON object: View
NVD Information
Status : Modified
Published: 2024-02-06T12:15:55.530
Modified: 2024-05-22T17:16:11.487
Link: CVE-2024-0690
JSON object: View
Redhat Information
No data.