Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
| Software | From | Fixed in |
|---|---|---|
| redhat / cloudforms_management_engine | 5.0 | 5.0.x |
| redhat / ceph_storage | 3.0 | 3.0.x |
| redhat / ansible_tower | 3.0 | 3.0.x |
| redhat / ansible | 2.9.0 | 2.9.1 |
| redhat / ansible | 2.8.0 | 2.8.7 |
| redhat / ansible | 2.7.0 | 2.7.15 |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / backports_sle | 15.0-sp1 | 15.0-sp1.x |
ansible
|
2.7.0 | 2.7.16 |
|
ansible
|
2.8.0 | 2.8.8 |
|
ansible
|
2.9.0 | 2.9.2 |
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
- https://github.com/ansible/ansible/commit/75288a89d0053d6df35c90863fb6c9542d89850e
- https://github.com/ansible/ansible/issues/63522
- https://github.com/ansible/ansible/pull/63527
- https://github.com/ansible/ansible/pull/64273
- https://github.com/ansible/ansible/pull/64274
- https://github.com/ansible/ansible/pull/64748
- https://www.debian.org/security/2021/dsa-4950