CVE-2024-0690

moderate-risk
Published 2024-02-06

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.0/10 Medium
LOCAL / LOW complexity

Affected Products (8)

Ansible Developer
Ansible Inside

Affected Vendors

Redhat Fedoraproject

References (15)

Vendor Advisory https://access.redhat.com/errata/RHSA-2024:0733
https://access.redhat.com/errata/RHSA-2024:2246
https://access.redhat.com/errata/RHSA-2024:3043
Vendor Advisory https://access.redhat.com/security/cve/CVE-2024-0690
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2259013
Issue Tracking https://github.com/ansible/ansible/pull/82565
Vendor Advisory https://access.redhat.com/errata/RHSA-2024:0733
https://access.redhat.com/errata/RHSA-2024:2246
https://access.redhat.com/errata/RHSA-2024:3043
Vendor Advisory https://access.redhat.com/security/cve/CVE-2024-0690
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2259013
Issue Tracking https://github.com/ansible/ansible/pull/82565
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://security.netapp.com/advisory/ntap-20250117-0001/
31
/ 100
moderate-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 14/34 · Moderate