PYSEC-2024-36 — Vulnetix

PYSEC-2024-36 PUBLISHED CVSS 5.5 MEDIUM

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
PyPI	ansible-core	2.16.0, 2.15.0, 0

Timeline

Feb 6, 2024 CVE Published
Feb 14, 2024 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://access.redhat.com/security/cve/CVE-2024-0690 advisory
https://access.redhat.com/errata/RHSA-2024:0733 advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 report
https://github.com/ansible/ansible/pull/82565 fix

Open in Interactive Console →