PT-2019-11640 · Red Hat+2 · Ansible+2
Ralbono
Published: 2019-11-25 · Updated: 2026-06-03
CVE-2019-10217
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
ansible versions 2.8.0 through 2.8.3
Description:
A flaw was found in the way sensitive data is handled. Fields managing sensitive data should be marked as such with the no_log feature. However, some fields in GCP modules are not set properly. The service_account_contents() function, which is a common class for all GCP modules, does not set no_log to True. As a result, any sensitive data managed by that function is leaked in the output when running Ansible playbooks.

Recommendations:
For Ansible versions 2.8.0 through 2.8.3, consider setting no_log to True for fields managing sensitive data in GCP modules to prevent sensitive data leakage.
As a temporary workaround, consider modifying the service_account_contents() function to set no_log to True until a patch is available.
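The check behind this recommendation, as an added example (not Ansible's own code and not part of the original entry): it audits a module argument spec for secret-looking options that lack no_log, and models how the flag changes what a module result exposes. The specs, the name heuristic and the key material are constructed assumptions; the mask string mirrors the placeholder Ansible prints for no_log values.

```python
import json
import re

# Constructed argument specs modelled on GCP module auth options (assumption,
# not copied from Ansible source). SPEC_BEFORE leaves the credential unmarked.
SPEC_BEFORE = {
    "project": {"type": "str"},
    "auth_kind": {"type": "str"},
    "service_account_file": {"type": "path"},
    "service_account_contents": {"type": "str"},
}
SPEC_AFTER = {**SPEC_BEFORE,
              "service_account_contents": {"type": "str", "no_log": True}}

# Hypothetical name heuristic for options that usually carry credentials.
SECRET_NAME = re.compile(r"(pass(word|wd)?|secret|token|private_key|contents)$", re.I)
MASK = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"

def unmarked_secrets(spec):
    """Names of secret-looking options that are not flagged no_log=True."""
    return sorted(name for name, opts in spec.items()
                  if SECRET_NAME.search(name) and opts.get("no_log") is not True)

def redact(value, secrets):
    """Recursively mask every occurrence of a secret string in a result."""
    if isinstance(value, dict):
        return {k: redact(v, secrets) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, secrets) for v in value]
    if isinstance(value, str):
        for s in secrets:
            value = value.replace(s, MASK)
    return value

def module_output(spec, params):
    """Simplified model of a module result: the invocation echo, masked per no_log."""
    secrets = [str(params[n]) for n, o in spec.items()
               if o.get("no_log") is True and params.get(n)]
    return redact({"changed": False, "invocation": {"module_args": dict(params)}}, secrets)

# Constructed sample input; the key below is a placeholder, not real key material.
KEY_JSON = json.dumps({"type": "service_account", "private_key": "CONSTRUCTED-NOT-A-REAL-KEY"})
PARAMS = {"project": "demo-project", "auth_kind": "serviceaccount",
          "service_account_contents": KEY_JSON}

if __name__ == "__main__":
    for label, spec in (("without no_log", SPEC_BEFORE), ("with no_log", SPEC_AFTER)):
        print(label, unmarked_secrets(spec), json.dumps(module_output(spec, PARAMS)))
```

Running the audit function over the argument specs of custom or vendored modules flags the same class of omission before a playbook run writes credentials to logs or CI output.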
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Ansible-Core
Suse
Ansible