CVE-2024-0690

Improper Output Neutralization for Logs in pypi/ansible-core

Identifiers

GHSA-h24r-m9qc-pvpg, CVE-2024-0690

Package Slug

pypi/ansible-core

Vulnerability

Improper Output Neutralization for Logs

Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLENOLOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Affected Versions

All versions before 2.14.14, all versions starting from 2.15.0b1 before 2.15.9, all versions starting from 2.16.0b1 before 2.16.3

Solution

Upgrade to versions 2.15.9, 2.16.3, 2.14.14 or above.

Last Modified

2024-02-07

source