Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-8775

Good to know:

icon
icon

Date: September 13, 2024

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Language: Python

Severity Score

Related Resources (13)

https://github.com/ansible/ansible
https://bugzilla.redhat.com/show_bug.cgi?id=2312119
https://access.redhat.com/security/cve/CVE-2024-8775
https://nvd.nist.gov/vuln/detail/CVE-2024-8775
https://access.redhat.com/errata/RHSA-2024:9894
https://github.com/advisories/GHSA-jpxc-vmjf-9fcj
https://access.redhat.com/errata/RHSA-2025:1249
https://access.redhat.com/errata/RHSA-2024:8969
https://github.com/ansible/ansible/commit/8a87e1c5d37422bc99d27ad4237d185cc233e035
https://github.com/ansible/ansible/blob/v2.17.6/changelogs/CHANGELOG-v2.17.rst#security-fixes
https://access.redhat.com/errata/RHSA-2024:10762
https://github.com/ansible/ansible/blob/v2.16.13/changelogs/CHANGELOG-v2.16.rst#security-fixes
https://www.mend.io/vulnerability-database/CVE-2024-8775

Severity Score

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

icon

Upgrade Version

Upgrade to version ansible-core - 2.17.6;ansible-core - 2.16.13

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us