1. Home
  2. CVE Database
  3. CVE-2024-0690
MEDIUM · 5.0

CVE-2024-0690

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, s...

Vulnerability Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
RedhatAnsible< 2.14.4
RedhatEnterprise Linux8.0
RedhatAnsible Automation Platform2.4
RedhatAnsible Developer1.1
RedhatAnsible Inside1.2
FedoraprojectFedora38

Related Weaknesses (CWE)

CWE-117CWE-116

References

FAQ

What is CVE-2024-0690?

CVE-2024-0690 is a vulnerability with a CVSS score of 5.0 (MEDIUM). An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, s...

How severe is CVE-2024-0690?

CVE-2024-0690 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0690?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible, Redhat Enterprise Linux, Redhat Ansible Automation Platform, Redhat Ansible Developer, Redhat Ansible Inside.