Описание
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
Отчет
The version of ansible provided in Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and 3 does not contain the vulnerable functionality and is not affected by this vulnerability. Additionally, these storage products no longer maintains their own version of ansible and fixes are consumed from core Ansible repository.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Tower 3 | ansible | Out of support scope | ||
| Red Hat Ceph Storage 2 | ansible | Not affected | ||
| Red Hat Ceph Storage 3 | ansible | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | ansible | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | ansible | Not affected | ||
| Red Hat Storage 3 | ansible | Not affected | ||
| Red Hat Ansible Engine 2.8 for RHEL 7 | ansible | Fixed | RHSA-2020:3600 | 01.09.2020 |
| Red Hat Ansible Engine 2.8 for RHEL 8 | ansible | Fixed | RHSA-2020:3600 | 01.09.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Ansible Engine when using module_args. Tasks e ...
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
Уязвимость системы управления конфигурациями Ansible, связанная с неправильной обработкой выходных данных для журналов регистрации, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
5.5 Medium
CVSS3