CVE-2024-0690

Aliases:GHSA-h24r-m9qc-pvpgPYSEC-2024-36
Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 06 Feb 2024, 12:00
Last modified:06 Nov 2025, 21:48

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.06% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

06 Feb 2024, 12:00
Published
Vulnerability first disclosed
06 Nov 2025, 21:48
Last Modified
Vulnerability information updated

Description

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

CVSS Metrics

  • v3.1MEDIUMScore: 5CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.06% Percentile: 19%

Techniques & Countermeasures

  • CWE-116Improper Encoding or Escaping of Output

    The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

  • CWE-117Improper Output Neutralization for Logs

    The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

Affected Systems

  • fedoraprojectfedora

    38 | 39

  • PyPIansible-core

    < 2.14.14 | ≥ 2.16.0, < 2.16.3 | ≥ 2.15.0, < 2.15.9 | < 2.14.4

  • redhatansible

    < 2.14.4 | ≥ 2.15.0, < 2.15.9 | ≥ 2.16.0, < 2.16.3

  • redhatansible_automation_platform

    2.4

  • redhatansible_developer

    1.1

  • redhatansible_inside

    1.2

  • redhatenterprise_linux

    8.0 | 9.0

References (19)