CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-0690: Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration

Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Classification

CVE ID: CVE-2024-0690

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-15 (when was this score calculated)

References

https://access.redhat.com/errata/RHSA-2024:0733
https://access.redhat.com/errata/RHSA-2024:2246
https://access.redhat.com/errata/RHSA-2024:3043
https://access.redhat.com/security/cve/CVE-2024-0690
https://bugzilla.redhat.com/show_bug.cgi?id=2259013
https://github.com/ansible/ansible/pull/82565

Timeline

2025-01-18 00:30:16 UTC
CVE

Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration