DEBIAN-CVE-2024-8775
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 14 Sept 2024, 03:15
Last modified:28 Apr 2026, 20:29
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Sept 2024, 03:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:29
Last Modified
Vulnerability information updated
Description
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Systems
- debian•ansible
< 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2 | < 5.4.0-1 | < 5.4.0-1 | < 5.4.0-1
- debian•ansible-core
< 2.14.18-0+deb12u1 | < 2.17.5-5 | < 2.17.5-5