Описание
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 2.9.2+dfsg-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | 2.9.2+dfsg-1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | not-affected | 2.9.2+dfsg-1 |
| precise/esm | DNE |
Показывать по
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...
Inclusion of Sensitive Information in Log Files and Improper Output Neutralization for Logs in Ansible
Уязвимость модулей Splunk и Sumologic системы управления конфигурациями Ansible, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
4 Medium
CVSS2
6.5 Medium
CVSS3