CVE-2024-8775

EPSS 0.03%
Veröffentlicht 14.09.2024 03:15:08
Zuletzt bearbeitet 10.02.2025 19:15:39
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/ansible/ansible

≫

Paket ansible-core

Default Statusunaffected

Version <= 2.17.4

Version 1.0.0

Status affected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 3.0.1-96

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 3.0.1-95

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 2.9.27-32

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 2.14.13-21

Status unaffected

HerstellerRed Hat

≫

Produkt Ansible Automation Platform Execution Environments

Default Statusaffected

Version < *

Version 2.18.0-2

Status unaffected

HerstellerRed Hat

≫

Produkt Discovery 1 for RHEL 9

Default Statusaffected

Version < *

Version 1.12.0-1

Status unaffected

HerstellerRed Hat

≫

Produkt Discovery 1 for RHEL 9

Default Statusaffected

Version < *

Version 1.12.0-1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.4 for RHEL 8

Default Statusaffected

Version < *

Version 1:2.15.13-1.el8ap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.4 for RHEL 9

Default Statusaffected

Version < *

Version 1:2.15.13-1.el9ap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.5 for RHEL 8

Default Statusaffected

Version < *

Version 1:2.16.13-1.el8ap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Ansible Automation Platform 2.5 for RHEL 9

Default Statusaffected

Version < *

Version 1:2.16.13-1.el9ap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux AI (RHEL AI)

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://access.redhat.com/errata/RHSA-2024:10762

https://access.redhat.com/errata/RHSA-2024:8969

https://access.redhat.com/errata/RHSA-2024:9894

https://access.redhat.com/errata/RHSA-2025:1249

https://access.redhat.com/security/cve/CVE-2024-8775

https://bugzilla.redhat.com/show_bug.cgi?id=2312119

https://github.com/advisories/GHSA-jpxc-vmjf-9fcj

https://nvd.nist.gov/vuln/detail/CVE-2024-8775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8775

EUVD