CVE-2019-14864 MEDIUM

Vendor Red Hat
Product Ansible
Weakness CWE-117
Published January 2, 2020
Last update August 5, 2024

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. As a result, any sensitive data in those task results is disclosed to and collected by the collectors.

Key dates

02 Disclosure timeline

January 2, 2020 CVE published
August 5, 2024 Record updated