Ansible, versions 2.9.x prior to 2.9.1, 2.8.x prior to 2.8.7 and Ansible versions 2.7.x prior to 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat ansible |
||
redhat ansible tower 3.0 |
||
redhat ceph storage 3.0 |
||
redhat cloudforms management engine 5.0 |
||
redhat enterprise linux 6.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 8.0 |
||
debian debian linux 10.0 |
||
opensuse backports sle 15.0 |
||
opensuse leap 15.1 |