CVE-2024-8775 MEDIUM

CVE-2024-8775: Ansible-core: exposure of sensitive information in ansible vault files due to improper logging

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-532 · Sensitive info in logs
Published September 14, 2024
Last update November 6, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
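The playbook fragment below is an added illustration, not taken from the advisory or from Red Hat. It shows an include_vars task in the exposed form described above next to the same task with no_log: true set. The host group, file path and task names are hypothetical.

```yaml
# Constructed example: host group, path and task names are hypothetical.
- name: Load vaulted variables for the application
  hosts: app_servers
  gather_facts: false
  tasks:
    # Exposed form: no_log is not set, so the task result, which
    # carries the decrypted values loaded from the vault file, can be
    # written to playbook output and to any log that captures it.
    - name: Load secrets (exposed form)
      ansible.builtin.include_vars:
        file: vars/secrets.vault.yml

    # Hardened form: no_log is a task-level keyword, so it sits at the
    # same indentation as the module name, not under the module's
    # arguments. The task result is then censored in output and logs.
    - name: Load secrets (hardened form)
      ansible.builtin.include_vars:
        file: vars/secrets.vault.yml
      no_log: true
```

When reviewing existing playbooks, check that no_log is a sibling of the module key and not nested under it, where it would be passed as a module argument and not act as the task keyword.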

Key dates

02 Disclosure timeline

September 14, 2024 CVE published
November 6, 2025 Record updated