Описание
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Отчет
This issue is classified as moderate rather than important because while it does expose sensitive information during playbook execution, the exposure is limited to logs and output generated during the run, which is typically accessible only to authorized users with sufficient privileges. The flaw does not result in an immediate or direct compromise of systems, as no remote exploitation vector is introduced. Additionally, the risk can be mitigated through proper configuration (no_log: true) and access control measures, reducing the likelihood of unauthorized access to the logged data. However, the unintentional disclosure of secrets like passwords or API keys still presents a potential risk for privilege escalation or lateral movement within an environment, justifying a moderate severity rating.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | ansible-core | Affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-nvidia-rhel9 | Fix deferred | ||
| Ansible Automation Platform Execution Environments | ansible-automation-platform/ansible-builder-rhel8 | Fixed | RHSA-2024:8969 | 06.11.2024 |
| Ansible Automation Platform Execution Environments | ansible-automation-platform/ansible-builder-rhel9 | Fixed | RHSA-2024:8969 | 06.11.2024 |
| Ansible Automation Platform Execution Environments | ansible-automation-platform/ee-29-rhel8 | Fixed | RHSA-2024:8969 | 06.11.2024 |
| Ansible Automation Platform Execution Environments | ansible-automation-platform/ee-minimal-rhel8 | Fixed | RHSA-2024:8969 | 06.11.2024 |
| Ansible Automation Platform Execution Environments | ansible-automation-platform/ee-minimal-rhel9 | Fixed | RHSA-2024:8969 | 06.11.2024 |
| Discovery 1 for RHEL 9 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
| Discovery 1 for RHEL 9 | discovery/discovery-ui-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | ansible-core | Fixed | RHSA-2024:10762 | 03.12.2024 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
A flaw was found in Ansible, where sensitive information stored in Ans ...
Recommended update 4.3.15 for Multi-Linux Manager Client Tools
5.5 Medium
CVSS3