Описание
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ansible | fixed | 2.9.13+dfsg-1 | package | |
| ansible | end-of-life | stretch | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=1857805
https://github.com/ansible/ansible/pull/71033
https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12)
EPSS
Связанные уязвимости
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Уязвимость системы управления конфигурациями Ansible, связанная с неправильной обработкой выходных данных для журналов регистрации, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS