CVE-2018-10855: Inclusion of Sensitive Information in Log Files
Ansible does not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
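
A log audit for the exposure described above, as an added example (not part of the advisory or of Ansible's own code): it flags failed results of tasks that were meant to be hidden by no_log but lack Ansible's censored marker. It assumes the default callback's "TASK [...]" and "fatal: [...]: FAILED! =>" line format; the task names, hosts and log lines are constructed samples.

```python
import re

# Text Ansible writes in place of a result that no_log actually hid.
CENSORED = "the output has been hidden due to the fact that 'no_log: true'"
# search() is used so lines prefixed by a log_path timestamp still match.
TASK_RE = re.compile(r"TASK \[(?P<name>.+?)\] \*+")
FAILED_RE = re.compile(r"fatal: \[(?P<host>[^\]]+)\]: FAILED! => (?P<body>.*)")


def find_no_log_leaks(log_lines, no_log_tasks):
    """Return (line_no, task, host) for each failed no_log task whose
    result was written to the log without being censored."""
    leaks = []
    current_task = None
    for line_no, line in enumerate(log_lines, 1):
        task = TASK_RE.search(line)
        if task:
            current_task = task.group("name")
            continue
        failed = FAILED_RE.search(line)
        if (failed and current_task in no_log_tasks
                and CENSORED not in failed.group("body")):
            leaks.append((line_no, current_task, failed.group("host")))
    return leaks


# Constructed sample log: one leaked result, one correctly censored result,
# and one failure of a task that never set no_log.
SAMPLE_LOG = """\
TASK [Create API user] *********************************************
fatal: [web01]: FAILED! => {"changed": false, "invocation": {"module_args": {"password": "EXAMPLE-SECRET"}}, "msg": "connection refused"}
TASK [Rotate DB password] ******************************************
fatal: [db01]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
TASK [Install nginx] ***********************************************
fatal: [web01]: FAILED! => {"changed": false, "msg": "No package matching 'nginx' found"}
""".splitlines()

# Assumption: the operator supplies the names of tasks that set no_log: true.
NO_LOG_TASKS = {"Create API user", "Rotate DB password"}

if __name__ == "__main__":
    for line_no, task, host in find_no_log_leaks(SAMPLE_LOG, NO_LOG_TASKS):
        print(f"line {line_no}: uncensored failure of no_log task "
              f"{task!r} on {host}; review and rotate the exposed secret")
```

Any hit marks a log line to review and a credential to treat as exposed; the script does not print the result body itself.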