Описание
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2.8.6+dfsg-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 2.5.1+dfsg-1ubuntu0.1+esm5 |
| esm-apps/focal | not-affected | 2.8.6+dfsg-1 |
| esm-apps/jammy | not-affected | 2.8.6+dfsg-1 |
| esm-apps/noble | not-affected | 2.8.6+dfsg-1 |
| esm-apps/xenial | released | 2.0.0.2-2ubuntu1.3+esm5 |
| esm-infra-legacy/trusty | released | 1.5.4+dfsg-1ubuntu0.1~esm3 |
Показывать по
EPSS
2.1 Low
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...
Уязвимость системы управления конфигурациями Ansible, связана с раскрытием информации через регистрационные файлы, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
2.1 Low
CVSS2
7.8 High
CVSS3