GHSA-j667-c2hm-f2wp

Source

https://github.com/advisories/GHSA-j667-c2hm-f2wp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-j667-c2hm-f2wp/GHSA-j667-c2hm-f2wp.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-j667-c2hm-f2wp

Aliases

Published

2022-02-09T21:59:39Z

Modified

2024-09-05T00:42:14.496868Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible

Details

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.

Database specific

{
    "nvd_published_at": "2020-09-11T18:15:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2021-04-02T23:18:09Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-117",
        "CWE-532"
    ]
}

References

Affected packages

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.14

Affected versions

1.*

1.0

1.1

1.2

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.6.10

1.7

1.7.1

1.7.2

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

1.9.0.1

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

2.*

2.0.0

2.0.0.0

2.0.0.1

2.0.0.2

2.0.1.0

2.0.2.0

2.1.0.0

2.1.1.0

2.1.2.0

2.1.3.0

2.1.4.0

2.1.5.0

2.1.6.0

2.2.0.0

2.2.1.0

2.2.2.0

2.2.3.0

2.3.0.0

2.3.1.0

2.3.2.0

2.3.3.0

2.4.0.0

2.4.1.0

2.4.2.0

2.4.3.0

2.4.4.0

2.4.5.0

2.4.6.0

2.5.0a1

2.5.0b1

2.5.0b2

2.5.0rc1

2.5.0rc2

2.5.0rc3

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.5.8

2.5.9

2.5.10

2.5.11

2.5.12

2.5.13

2.5.14

2.5.15

2.6.0a1

2.6.0a2

2.6.0rc1

2.6.0rc2

2.6.0rc3

2.6.0rc4

2.6.0rc5

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

2.6.10

2.6.11

2.6.12

2.6.13

2.6.14

2.6.15

2.6.16

2.6.17

2.6.18

2.6.19

2.6.20

2.7.0.dev0

2.7.0a1

2.7.0b1

2.7.0rc1

2.7.0rc2

2.7.0rc3

2.7.0rc4

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.7.10

2.7.11

2.7.12

2.7.13

2.7.14

2.7.15

2.7.16

2.7.17

2.7.18

2.8.0a1

2.8.0b1

2.8.0rc1

2.8.0rc2

2.8.0rc3

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.8.10

2.8.11

2.8.12

2.8.13

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.9.0a1

Fixed

2.9.12

Affected versions

2.*

2.9.0b1

2.9.0rc1

2.9.0rc2

2.9.0rc3

2.9.0rc4

2.9.0rc5

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

2.9.10

2.9.11

PyPI / ansible

Package

Name: ansible; View open source insights on deps.dev
Purl: pkg:pypi/ansible

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.10.0a1

Fixed

2.10.1rc2

Affected versions

2.*

2.10.0a1

2.10.0a2

2.10.0a3

2.10.0a4

2.10.0a5

2.10.0a6

2.10.0a7

2.10.0a8

2.10.0a9

2.10.0b1

2.10.0b2

2.10.0rc1

2.10.0