Fluid Attacks Database

Description

Exposure of Sensitive Information to an Unauthorized Actor in ansible A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	ansible	>=2.8.0a1 <2.8.4	2.8.4
alpine v3.10	ansible	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6.0-r0 \|\| =2.6.1-r0 \|\| =2.6.3-r0 \|\| =2.7.0-r0 \|\| =2.7.0-r1 \|\| =2.7.9-r0 \|\| =2.7.9-r1 \|\| =2.8.0-r1 \|\| =2.8.1-r0 \|\| =2.8.3-r0 \|\| >=0 <2.8.4-r0	2.8.4-r0
alpine v3.12	ansible	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6.0-r0 \|\| =2.6.1-r0 \|\| =2.6.3-r0 \|\| =2.7.0-r0 \|\| =2.7.0-r1 \|\| =2.7.9-r0 \|\| =2.7.9-r1 \|\| =2.8.0-r1 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.8.3-r0 \|\| >=0 <2.8.4-r0	2.8.4-r0
alpine v3.13	ansible-base	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6.0-r0 \|\| =2.6.1-r0 \|\| =2.6.3-r0 \|\| =2.7.0-r0 \|\| =2.7.0-r1 \|\| =2.7.9-r0 \|\| =2.7.9-r1 \|\| =2.8.0-r1 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.8.3-r0 \|\| >=0 <2.8.4-r0	2.8.4-r0
alpine v3.14	ansible-base	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6.0-r0 \|\| =2.6.1-r0 \|\| =2.6.3-r0 \|\| =2.7.0-r0 \|\| =2.7.0-r1 \|\| =2.7.9-r0 \|\| =2.7.9-r1 \|\| =2.8.0-r1 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.8.3-r0 \|\| >=0 <2.8.4-r0	2.8.4-r0
debian 13	ansible	>=0 <2.8.6+dfsg-1	2.8.6+dfsg-1
alpine v3.11	ansible	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6.0-r0 \|\| =2.6.1-r0 \|\| =2.6.3-r0 \|\| =2.7.0-r0 \|\| =2.7.0-r1 \|\| =2.7.9-r0 \|\| =2.7.9-r1 \|\| =2.8.0-r1 \|\| =2.8.1-r0 \|\| =2.8.2-r0 \|\| =2.8.3-r0 \|\| >=0 <2.8.4-r0	2.8.4-r0
debian 12	ansible	>=0 <2.8.6+dfsg-1	2.8.6+dfsg-1
debian 14	ansible	>=0 <2.8.6+dfsg-1	2.8.6+dfsg-1
debian 11	ansible	>=0 <2.8.6+dfsg-1	2.8.6+dfsg-1

Aliases

1. CVE-2019-102172. NVD-2019-102173. OSV-2019-102174. OSV-ALPINE-2019-102175. OSV-DEBIAN-2019-102176. GHSA-p75j-wc34-527c7. GCVE-2019-102178. SECURITY-CVE-2019-102179. SECURITY-TRACKER-CVE-2019-10217

References

1. https://github.com/ansible/ansible/issues/562692. https://github.com/ansible/ansible/pull/594273. https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a915194. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-102175. https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-3.yaml6. http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html7. http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.