6.5
CVE-2019-14864
- EPSS 0.94%
- Veröffentlicht 02.01.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:31
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginAnsible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ansible Tower Version3.0
Redhat ≫ Ceph Storage Version3.0
Redhat ≫ Cloudforms Management Engine Version5.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Debian ≫ Debian Linux Version10.0
Opensuse ≫ Backports Sle Version15.0 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.754 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| secalert@redhat.com | 5.7 | 2.1 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
CWE-117 Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.