Description
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
References (8)
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
10.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (13)
pypi/ansible-core
2.17.0b1 - 2.17.6PyPI
Red Hat/Ansible Automation Platform Execution Environments
2.14.13-21
Red Hat/Ansible Automation Platform Execution Environments
2.17.6-2
Red Hat/Ansible Automation Platform Execution Environments
2.9.27-32
Red Hat/Ansible Automation Platform Execution Environments
3.0.1-95
Red Hat/Ansible Automation Platform Execution Environments
3.0.1-96
Red Hat/Discovery 1 for RHEL 9
1.12.0-1
Red Hat/Red Hat Ansible Automation Platform 2.4 for RHEL 8
1:2.15.13-1.el8ap
Red Hat/Red Hat Ansible Automation Platform 2.4 for RHEL 9
1:2.15.13-1.el9ap
Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 8
1:2.16.13-1.el8ap
... and 3 more
Published
Sep 14, 2024
Tracked Since
Feb 18, 2026