AZL-34539

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34539.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-34539

Upstream

CVE-2024-0690

Published

2024-02-06T12:15:55Z

Modified

2026-04-01T05:11:28.993238Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

CVE-2024-0690 affecting package ansible for versions less than 2.17.0-1

Details

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLENOLOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0690

Affected packages

Azure Linux:3 / ansible

Package

Name: ansible
Purl: pkg:rpm/azure-linux/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.17.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34539.json"