An information disclosure flaw was found in ansible-core due to a failure to respect the `ANSIBLE_NO_LOG` configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Affected Packages

PyPI ansible-core

Affected versions: 0 (fixed in 2.14.14)

PyPI ansible-core

Affected versions: 2.16.0 (fixed in 2.16.3)

PyPI ansible-core

Affected versions: 2.15.0 (fixed in 2.15.9)

Related CVEs

CVE-2024-0690

Key Information

GHSA ID

GHSA-h24r-m9qc-pvpg

Published

February 6, 2024 12:30 PM

Last Modified

January 17, 2025 9:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

ansible-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.