CVE-2024-0690

MEDIUM5.0EPSS 0.06%

Ansible-core information disclosure flaw

Published: 2/6/2024Modified: 4/28/2026

Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Affected packages (4)

Debian/ansiblefrom 0, < 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
Debian/ansible-corefrom 0, < 2.14.16-0+deb12u1
PyPI/ansible-corefrom 0, < 2.14.14
PyPI/ansible-core>= 2.16.0, < 2.16.3, >= 2.15.0, < 2.15.9, from 0, < 2.14.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.0	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References (17)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-0690
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-0690
PATCHhttps://github.com/ansible/ansible
WEBhttps://access.redhat.com/errata/RHSA-2024:0733
WEBhttps://access.redhat.com/errata/RHSA-2024:2246
WEBhttps://access.redhat.com/errata/RHSA-2024:3043
WEBhttps://access.redhat.com/security/cve/CVE-2024-0690
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2259013
WEBhttps://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032
WEBhttps://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1
WEBhttps://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532
WEBhttps://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
WEBhttps://github.com/ansible/ansible/pull/82565
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml
WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/IZQGCRDSZL7ONCULMB6ZUHOE4L44KIBP
WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/VDYSWOCPZMNRU5LWKIEBW4WGWLMTU7WQ
WEBhttps://security.netapp.com/advisory/ntap-20250117-0001