CVE-2019-14864

Summary

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

Affected Software

VendorProductVersion RangeStatus
Red HatAnsibleAnsible versions 2.9.x before 2.9.1affected
Red HatAnsibleAnsible versions 2.8.x before 2.8.7affected
Red HatAnsibleAnsible versions 2.7.x before 2.7.15affected

Weaknesses

  • CWE-117: CWE-117
  • CWE-532: CWE-532

ADP Enrichment

CVE Program Container

Additional References

References