CVE-2024-8775

EPSS 0.04%
Veröffentlicht 14.09.2024 03:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

CNA 14 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/ansible/ansible

≫

Paket ansible-core

Default Statusunaffected

Version <= 2.17.4

Version 1.0.0

Status affected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version 3.0.1-96

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version 3.0.1-95

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version 2.9.27-32

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version 2.14.13-21

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version 2.17.6-2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Discovery 1 for RHEL 9

Default Statusaffected

Version 1.12.0-1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Discovery 1 for RHEL 9

Default Statusaffected

Version 1.12.0-1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.4 for RHEL 8

Default Statusaffected

Version 1:2.15.13-1.el8ap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.4 for RHEL 9

Default Statusaffected

Version 1:2.15.13-1.el9ap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.5 for RHEL 8

Default Statusaffected

Version 1:2.16.13-1.el8ap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.5 for RHEL 9

Default Statusaffected

Version 1:2.16.13-1.el9ap

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux AI (RHEL AI)

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.106

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://access.redhat.com/errata/RHSA-2024:10762

https://access.redhat.com/errata/RHSA-2024:8969

https://access.redhat.com/errata/RHSA-2024:9894

https://access.redhat.com/errata/RHSA-2025:1249

https://access.redhat.com/security/cve/CVE-2024-8775

https://bugzilla.redhat.com/show_bug.cgi?id=2312119

https://github.com/advisories/GHSA-jpxc-vmjf-9fcj

https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html

https://nvd.nist.gov/vuln/detail/CVE-2024-8775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8775

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-8775