7.8

CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatAnsible Engine Version < 2.6.20
RedhatAnsible Engine Version >= 2.7.0 < 2.7.14
RedhatAnsible Engine Version >= 2.8.0 < 2.8.6
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseBackports Sle Version15.0 Updatesp1
OpensuseLeap Version15.1
RedhatOpenstack Version13
RedhatAnsible Engine Version2.0
   RedhatEnterprise Linux Server Version7.0
   RedhatEnterprise Linux Server Version8.0
RedhatAnsible Engine Version2.8.0
   RedhatEnterprise Linux Server Version7.0
   RedhatEnterprise Linux Server Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.393
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 7.3 1.3 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-117 Improper Output Neutralization for Logs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2021/dsa-4950
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2019:3201
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3202
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3203
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3207
Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0756
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
Vendor Advisory
Issue Tracking
https://github.com/ansible/ansible/pull/63366
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
Third Party Advisory
Mailing List