Vulnerability DatabaseCVE-2024-0690
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-0690
February 06, 2024
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Affected Packages
ansible-core (PYTHON):
Affected version(s) >=2.16.0 <2.16.3
Fix Suggestion:
Update to version 2.16.3
ansible-core (PYTHON):
Affected version(s) >=0.0.1a1 <2.14.14
Fix Suggestion:
Update to version 2.14.14
ansible-core (PYTHON):
Affected version(s) >=2.15.0 <2.15.9
Fix Suggestion:
Update to version 2.15.9
Related ResourcesĀ (20)
https://access.redhat.com/errata/RHSA-2024:0733
https://access.redhat.com/security/cve/CVE-2024-0690
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ/
https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532
https://github.com/ansible/ansible
https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml
https://security.netapp.com/advisory/ntap-20250117-0001/
https://access.redhat.com/errata/RHSA-2024:3043
https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP/
https://bugzilla.redhat.com/show_bug.cgi?id=2259013
https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP
https://security.netapp.com/advisory/ntap-20250117-0001
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ
https://access.redhat.com/errata/RHSA-2024:2246
https://github.com/ansible/ansible/pull/82565
https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032
https://security-tracker.debian.org/tracker/CVE-2024-0690
https://nvd.nist.gov/vuln/detail/CVE-2024-0690
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Improper Encoding or Escaping of Output
CWE-116
Improper Output Neutralization for Logs
CWE-117
EPSS
Base Score:
0.06