PYSEC-2018-42

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-42.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2018-42
Aliases
Published
2018-07-03T01:29:00Z
Modified
2023-11-01T05:29:43.052426Z
Summary
[none]
Details

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

References

Affected packages

PyPI / ansible

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5
Fixed
2.5.5
Introduced
2.4
Fixed
2.4.5.0

Affected versions

2.*

2.4.0.0
2.4.1.0
2.4.2.0
2.4.3.0
2.4.4.0
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4