CVE-2024-8775

MEDIUM

ansible-core >=2.17.0b1 <2.17.6 - Sensitive Information Exposure in Log Files via Vault Variable Handling

Title source: llm

Description

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

References (8)

Core 8

Core References

Various Sources

https://github.com/advisories/GHSA-jpxc-vmjf-9fcj

Mailing List

https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:10762

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:8969

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:9894

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:1249

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-8775

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2312119

Scores

CVSS v3 5.5

EPSS 0.0027

EPSS Percentile 18.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (13)

pypi/ansible-core 2.17.0b1 - 2.17.6PyPI

Red Hat/Ansible Automation Platform Execution Environments 2.14.13-21

Red Hat/Ansible Automation Platform Execution Environments 2.17.6-2

Red Hat/Ansible Automation Platform Execution Environments 2.9.27-32

Red Hat/Ansible Automation Platform Execution Environments 3.0.1-95

Red Hat/Ansible Automation Platform Execution Environments 3.0.1-96

Red Hat/Discovery 1 for RHEL 9 1.12.0-1

Red Hat/Red Hat Ansible Automation Platform 2.4 for RHEL 8 1:2.15.13-1.el8ap

Red Hat/Red Hat Ansible Automation Platform 2.4 for RHEL 9 1:2.15.13-1.el9ap

Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 8 1:2.16.13-1.el8ap

... and 3 more

Published Sep 14, 2024

Tracked Since Feb 18, 2026