CVE-2024-8775

Advisory

A security vulnerability affects Ansible, impacting the handling of sensitive information stored in Ansible Vault files. The vulnerability occurs during playbook execution when using tasks like include_vars to load vaulted variables without setting the no_log: true parameter. This flaw causes sensitive data, including passwords and API keys, to be exposed in plaintext within playbook outputs or logs. Attackers who gain access to these outputs could potentially acquire secrets, leading to unauthorized access or actions on affected systems. Users must immediately review and update their Ansible playbooks to ensure proper use of the no_log: true parameter when handling vaulted variables. Additionally, users should audit recent playbook outputs and logs for potential secret exposure.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/ansible/ansible/commit/c9ac477e53a99e95781f333eec3329a935c1bf95
• https://github.com/advisories/GHSA-jpxc-vmjf-9fcj
• https://access.redhat.com/security/cve/CVE-2024-8775
• https://bugzilla.redhat.com/show_bug.cgi?id=2312119
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8775