← back
CVE-2019-14864

CVE-2019-14864

CVSS 5.7 MEDIUMEPSS 1.9%CWE-117CWE-532
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Affected products
Red Hat · Ansible

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864https://github.com/ansible/ansible/issues/63522https://github.com/ansible/ansible/pull/63527https://www.debian.org/security/2021/dsa-4950