CVE-2024-8775

EPSS 0.03%
Published 14.09.2024 03:15:08
Last modified 10.02.2025 19:15:39
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/ansible/ansible

≫

Package ansible-core

Default Statusunaffected

Version <= 2.17.4

Version 1.0.0

Status affected

VendorRed Hat

≫

Product Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 3.0.1-96

Status unaffected

VendorRed Hat

≫

Product Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 3.0.1-95

Status unaffected

VendorRed Hat

≫

Product Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 2.9.27-32

Status unaffected

VendorRed Hat

≫

Product Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 2.14.13-21

Status unaffected

VendorRed Hat

≫

Product Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 2.18.0-2

Status unaffected

VendorRed Hat

≫

Product Discovery 1 for RHEL 9

Default Statusaffected

Version < *

Version 1.12.0-1

Status unaffected

VendorRed Hat

≫

Product Discovery 1 for RHEL 9

Default Statusaffected

Version < *

Version 1.12.0-1

Status unaffected

VendorRed Hat

≫

Product Red Hat Ansible Automation Platform 2.4 for RHEL 8

Default Statusaffected

Version < *

Version 1:2.15.13-1.el8ap

Status unaffected

VendorRed Hat

≫

Product Red Hat Ansible Automation Platform 2.4 for RHEL 9

Default Statusaffected

Version < *

Version 1:2.15.13-1.el9ap

Status unaffected

VendorRed Hat

≫

Product Red Hat Ansible Automation Platform 2.5 for RHEL 8

Default Statusaffected

Version < *

Version 1:2.16.13-1.el8ap

Status unaffected

VendorRed Hat

≫

Product Red Hat Ansible Automation Platform 2.5 for RHEL 9

Default Statusaffected

Version < *

Version 1:2.16.13-1.el9ap

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 10

Default Statusaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux AI (RHEL AI)

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://access.redhat.com/errata/RHSA-2024:10762

https://access.redhat.com/errata/RHSA-2024:8969

https://access.redhat.com/errata/RHSA-2024:9894

https://access.redhat.com/errata/RHSA-2025:1249

https://access.redhat.com/security/cve/CVE-2024-8775

https://bugzilla.redhat.com/show_bug.cgi?id=2312119

https://github.com/advisories/GHSA-jpxc-vmjf-9fcj

https://nvd.nist.gov/vuln/detail/CVE-2024-8775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8775

EUVD