CVE-2019-14864

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-14864
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14864.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14864
Aliases
Downstream
Related
Published
2020-01-02T15:15:12.303Z
Modified
2026-03-13T14:33:13.855702Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0a07068054090d5b78b27496aa251be74c484b45
Fixed
0623dedf2d9c4afc09e5be30d3ef249f9d1ebece
Introduced
2611867fd1dc387ceaa0ffb8ce0f030aafc2a859
Fixed
24220a618a6d5cd3b5c99f8c7f7771661ed08d33
Introduced
24325a05dfb9104d6d4ec8b488b89e07c2e6d376
Fixed
6c051b0241b27ea884722d1e822cd2eec3a919a0
Database specific 
{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.15"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.7"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.1"
        }
    ]
}

Affected versions

v2.*
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.9.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0-sp1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14864.json"