CVE-2019-14864

Published: 02/01/2020 Updated: 22/04/2022
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Ansible versions 2.9.x prior to 2.9.1, 2.8.x prior to 2.8.7 and 2.7.x prior to 2.7.15 do not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. As a result, any sensitive data in those results is disclosed to and collected by the collectors.

Vulnerable Product

redhat ansible

redhat ansible tower 3.0

redhat ceph storage 3.0

redhat cloudforms management engine 5.0

redhat enterprise linux 6.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

debian debian linux 10.0

opensuse backports sle 15.0

opensuse leap 15.1

Vendor Advisories

Debian Bug report logs - #943768 ansible: CVE-2019-14864. Package: src:ansible; Maintainer for src:ansible is Harlan Lieberman-Berg <hlieberman@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 29 Oct 2019 14:39:02 UTC; Severity: important; Tags: security, upstream; Found in version ansible/2 ...
Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure or argument injection. In addition a race condition in become_user was fixed. For the stable distribution (buster), these problems have been fixed in version 2.7.7+dfsg-1+deb10u1. We reco ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for Ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Important: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container. Type/Severity: Security Advisory: Important. Topic: Red Hat Ansible Tower 3.5.4-1 - RHEL7 Container. Description: Added a command to generate a new SECRET_KEY and rekey the database. Removed the guest user from the optionally-c ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for Ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: ansible security update. Type/Severity: Security Advisory: Moderate. Topic: An update for Ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis: Moderate: ansible security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for Ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...