← Zuruck zu CVEs
CVE-2019-14864
MEDIUM6.5
Beschreibung
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/2/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
debian:debian_linuxopensuse:backports_sleopensuse:leapredhat:ansibleredhat:ansible_towerredhat:ceph_storageredhat:cloudforms_management_engineredhat:enterprise_linux
Schwachen (CWE)
CWE-117CWE-532CWE-532
Referenzen
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864(secalert@redhat.com)
https://github.com/ansible/ansible/issues/63522(secalert@redhat.com)
https://github.com/ansible/ansible/pull/63527(secalert@redhat.com)
https://www.debian.org/security/2021/dsa-4950(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/issues/63522(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ansible/ansible/pull/63527(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4950(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.