fkie_cve-2024-8775
Vulnerability from fkie_nvd
Published
2024-09-14 03:15
Modified
2025-02-10 19:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:10762
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8969
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:9894
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1249
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-8775
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2312119
secalert@redhat.comhttps://github.com/advisories/GHSA-jpxc-vmjf-9fcj
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en Ansible, donde la informaci\u00f3n confidencial almacenada en archivos de Ansible Vault puede quedar expuesta en texto plano durante la ejecuci\u00f3n de un playbook. Esto ocurre cuando se usan tareas como include_vars para cargar variables almacenadas sin configurar el par\u00e1metro no_log: true, lo que da como resultado que se impriman datos confidenciales en la salida o los registros del playbook. Esto puede provocar la divulgaci\u00f3n involuntaria de secretos como contrase\u00f1as o claves API, lo que compromete la seguridad y potencialmente permite el acceso o las acciones no autorizadas."
    }
  ],
  "id": "CVE-2024-8775",
  "lastModified": "2025-02-10T19:15:39.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-14T03:15:08.987",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:10762"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:8969"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:9894"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1249"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8775"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.