Fluid Attacks Database

Description

Ansible-core information disclosure flaw An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	ansible-core	=2.14.10-1 \|\| =2.14.11-1 \|\| =2.14.11-2 \|\| =2.14.13-1 \|\| =2.14.3-1 \|\| =2.14.6-1 \|\| =2.14.7-1 \|\| =2.14.8-1 \|\| =2.14.9-1 \|\| =2.14.9-2 \|\| >=0 <2.14.16-0+deb12u1	2.14.16-0+deb12u1
pypi	ansible-core	>=0 <2.14.14 \|\| >=2.16.0 <2.16.3 \|\| >=2.15.0 <2.15.9	2.14.14, 2.16.3, 2.15.9
debian 14	ansible-core	>=0 <2.16.5-1	2.16.5-1
debian 11	ansible	=2.10.7+merged+base+2.10.8+dfsg-1 \|\| >=0 <2.10.7+merged+base+2.10.17+dfsg-0+deb11u1	2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
debian 12	ansible	>=0 <5.4.0-1	5.4.0-1
debian 13	ansible	>=0 <5.4.0-1	5.4.0-1
debian 14	ansible	>=0 <5.4.0-1	5.4.0-1
debian 13	ansible-core	>=0 <2.16.5-1	2.16.5-1
rpm rhel8	ansible-core	<0:2.16.3-2.el8	0:2.16.3-2.el8
rpm rhel9	ansible-core	<1:2.14.14-1.el9	1:2.14.14-1.el9

Aliases

1. CVE-2024-06902. NVD-2024-06903. OSV-DEBIAN-2024-06904. OSV-2024-06905. GCVE-2024-06906. SECURITY-TRACKER-CVE-2024-06907. access.redhat.com8. access.redhat.com9. access.redhat.com10. ACCESS-CVE-2024-0690

References

1. https://github.com/ansible/ansible/pull/825652. https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b0323. https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e14. https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be45325. https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b16. https://bugzilla.redhat.com/show_bug.cgi?id=22590137. https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml8. https://lists.fedoraproject.org/archives/list/[email protected]/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP9. https://lists.fedoraproject.org/archives/list/[email protected]/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ10. https://security.netapp.com/advisory/ntap-20250117-0001

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.