CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0733	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:2246
https://access.redhat.com/errata/RHSA-2024:3043
https://access.redhat.com/security/cve/CVE-2024-0690	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2259013	Issue Tracking
https://github.com/ansible/ansible/pull/82565	Issue Tracking Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:ansible::::::::
	cpe:2.3:a:redhat:ansible::::::::
	cpe:2.3:a:redhat:ansible::::::::
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:redhat:ansible_automation_platform:2.4:::::::*
	cpe:2.3:a:redhat:ansible_developer:1.1:::::::*
	cpe:2.3:a:redhat:ansible_inside:1.2:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

History

No history.

Information

Published : 2024-02-06 12:15

Updated : 2024-05-22 17:16

NVD link : CVE-2024-0690

Mitre link : CVE-2024-0690

CVE.ORG link : CVE-2024-0690

JSON object : View

Products Affected

redhat

ansible_inside
ansible_developer
ansible
enterprise_linux
ansible_automation_platform

fedoraproject

fedora

CWE

CWE-116

Improper Encoding or Escaping of Output

CWE-117

Improper Output Neutralization for Logs

{"id": "CVE-2024-0690", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.3}]}, "published": "2024-02-06T12:15:55.530", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0733", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2246", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3043", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0690", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ansible/ansible/pull/82565", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-117"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de divulgaci\u00f3n de informaci\u00f3n en ansible-core debido a que no se respet\u00f3 la configuraci\u00f3n de ANSIBLE_NO_LOG en algunos escenarios. Se descubri\u00f3 que la informaci\u00f3n todav\u00eda se incluye en la salida de determinadas tareas, como los elementos del bucle. Dependiendo de la tarea, este problema puede incluir informaci\u00f3n confidencial, como valores secretos descifrados."}], "lastModified": "2024-05-22T17:16:11.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645218EF-62EC-4EA5-B196-6C52CC6BF0C6", "versionEndExcluding": "2.14.4"}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B80D311E-FA64-4A61-BC42-441B56D3A019", "versionEndExcluding": "2.15.9", "versionStartIncluding": "2.15.0"}, {"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA1B5190-DFC2-4C0F-B190-515D768BB3CD", "versionEndExcluding": "2.16.3", "versionStartIncluding": "2.16.0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC"}, {"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6"}, {"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}