Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-0690

UNKNOWN
Published 2024-02-06T12:00:28.505Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-0690. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
5.0
/10
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.182
Higher than 18.2% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

2.14.0 2.15.0 2.16.0
Red Hat

Red Hat Ansible Automation Platform 2.4 for RHEL 8

Affected Versions:

1:2.15.9-1.el8ap
Red Hat

Red Hat Ansible Automation Platform 2.4 for RHEL 9

Affected Versions:

1:2.15.9-1.el9ap
Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:2.16.3-2.el8
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

1:2.14.14-1.el9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Ansible-core information disclosure flaw

GHSA-h24r-m9qc-pvpg

Advisory Details

An information disclosure flaw was found in ansible-core due to a failure to respect the `ANSIBLE_NO_LOG` configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Affected Packages

PyPI ansible-core
ECOSYSTEM: ≥0 <2.14.14
PyPI ansible-core
ECOSYSTEM: ≥2.16.0 <2.16.3
PyPI ansible-core
ECOSYSTEM: ≥2.15.0 <2.15.9

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-0690
WEB https://github.com/ansible/ansible/pull/82565
WEB https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032
WEB https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1
WEB https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532
WEB https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
WEB https://access.redhat.com/errata/RHSA-2024:0733
WEB https://access.redhat.com/errata/RHSA-2024:2246
WEB https://access.redhat.com/errata/RHSA-2024:3043
WEB https://access.redhat.com/security/cve/CVE-2024-0690
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2259013
PACKAGE https://github.com/ansible/ansible
WEB https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml
WEB https://security.netapp.com/advisory/ntap-20250117-0001

Advisory provided by GitHub Security Advisory Database. Published: February 6, 2024, Modified: January 17, 2025

References

https://access.redhat.com/errata/RHSA-2024:0733
https://access.redhat.com/errata/RHSA-2024:2246
https://access.redhat.com/errata/RHSA-2024:3043
https://access.redhat.com/security/cve/CVE-2024-0690
https://bugzilla.redhat.com/show_bug.cgi?id=2259013
https://github.com/ansible/ansible/pull/82565
Published: 2024-02-06T12:00:28.505Z
Last Modified: 2025-01-17T20:02:51.797Z
Copied to clipboard!