Описание
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
Одновременно
Одно из
Одно из
EPSS
7.3 High
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...
Уязвимость системы управления конфигурациями Ansible, связана с раскрытием информации через регистрационные файлы, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.3 High
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2