Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2019-14864 PUBLISHED CVSS 6.5 MEDIUM

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.9ansible0, 0.3.1-r0, 0.4-r0
Alpine:v3.10ansible1.3.4-r0, 1.4.1-r0, 1.4.3-r0

Timeline

References

Open in Interactive Console →