Sensitive information stored in logs In ansible-core
Description
Ansible Uses Plugins That Disclose Credentials Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 pypi | >=0 <2.8.6 | 2.8.6 | |
 alpine v3.8 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.15-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.19-r0 || >=0 <2.6.20-r0 | 2.6.20-r0 | |
 debian 13 | >=0 <2.8.6+dfsg-1 | 2.8.6+dfsg-1 | |
debian 12 | >=0 <2.8.6+dfsg-1 | 2.8.6+dfsg-1 | |
alpine v3.10 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.3-r0 || =2.8.4-r0 || >=0 <2.8.6-r0 | 2.8.6-r0 | |
alpine v3.12 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || =2.8.6-r0 || =2.8.6-r1 || =2.8.6-r2 || =2.8.6-r3 || =2.9.1-r0 || =2.9.11-r0 || =2.9.2-r0 || =2.9.2-r1 || =2.9.3-r0 || =2.9.4-r0 || =2.9.5-r0 || =2.9.6-r0 || =2.9.7-r0 || =2.9.9-r0 || >=0 <2.9.13-r0 | 2.9.13-r0 | |
alpine v3.9 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.12-r0 || =2.7.13-r0 || >=0 <2.7.14-r0 | 2.7.14-r0 | |
alpine v3.13 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || >=0 <2.8.6-r0 | 2.8.6-r0 | |
alpine v3.14 | =0.3.1-r0 || =0.4-r0 || =0.5-r0 || =0.7-r0 || =0.7.1-r0 || =0.8-r0 || =0.9-r0 || =1.0-r0 || =1.0-r1 || =1.1-r0 || =1.1-r1 || =1.2-r1 || =1.2.1-r1 || =1.2.2-r0 || =1.2.3-r0 || =1.3.3-r0 || =1.3.4-r0 || =1.4.1-r0 || =1.4.3-r0 || =1.4.5-r0 || =1.5.0-r0 || =1.5.4-r0 || =1.5.5-r0 || =1.6.1-r0 || =1.6.5-r0 || =1.6.6-r0 || =1.6.7-r0 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.8.0-r0 || =1.8.2-r0 || =1.8.4-r0 || =1.9.2-r0 || =1.9.2-r1 || =1.9.3-r0 || =1.9.3-r1 || =1.9.4-r0 || =2.0.0.2-r0 || =2.0.0.2-r1 || =2.0.1.0-r1 || =2.1.0.0-r0 || =2.1.1.0-r0 || =2.1.2.0-r0 || =2.2.0.0-r0 || =2.2.1.0-r0 || =2.2.1.0-r1 || =2.2.2.0-r0 || =2.3.0.0-r0 || =2.3.0.0-r1 || =2.3.1.0-r0 || =2.3.2.0-r0 || =2.4.0.0-r0 || =2.4.1.0-r0 || =2.4.2.0-r0 || =2.4.3.0-r0 || =2.5.0-r0 || =2.5.2-r0 || =2.5.4-r0 || =2.5.5-r0 || =2.6.0-r0 || =2.6.1-r0 || =2.6.3-r0 || =2.7.0-r0 || =2.7.0-r1 || =2.7.9-r0 || =2.7.9-r1 || =2.8.0-r1 || =2.8.1-r0 || =2.8.2-r0 || =2.8.3-r0 || =2.8.4-r0 || >=0 <2.8.6-r0 | 2.8.6-r0 | |
pypi | >=0 <2.6.20 || >=2.7.0a1 <2.7.14 || >=2.8.0a1 <2.8.6 | 2.6.20, 2.7.14, 2.8.6 |
1-10 of 13
10
Aliases
1. CVE-2019-148462. NVD-2019-148463. OSV-2019-148464. OSV-ALPINE-2019-148465. OSV-DEBIAN-2019-148466. GHSA-pm48-cvv2-29q57. GCVE-2019-148468. access.redhat.com9. access.redhat.com10. access.redhat.com11. access.redhat.com12. access.redhat.com13. bugzilla.redhat.com14. lists.debian.org15. lists.debian.org16. SECURITY-CVE-2019-1484617. SECURITY-TRACKER-CVE-2019-14846
References
1. https://github.com/ansible/ansible/pull/633662. https://www.debian.org/security/2021/dsa-49503. http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html4. http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html5. https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c46. https://github.com/ansible/ansible/commit/cb0f535a8b254a2daf69cd067e842fabb29930347. https://github.com/ansible/ansible/commit/d961f676c01023a6a21503df16ba551a550e515b8. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-148469. https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-4.yaml
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.