CVE-2019-14846

Name of the Vulnerable Software and Affected Versions Ansible versions up to 2.8.5 Ansible versions up to 2.7.13 Ansible versions up to 2.6.19 Ansible versions up to 3.5

Description The issue is related to the disclosure of information through log files in Ansible. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information. The problem arises when a plugin uses a library that logs credentials at the DEBUG level. However, this flaw does not affect Ansible modules since they are executed in a separate process.

Recommendations For versions up to 2.8.5, consider disabling the DEBUG level logging until a patch is available. For versions up to 2.7.13, restrict access to log files to minimize the risk of exploitation. For versions up to 2.6.19, avoid using plugins that log credentials at the DEBUG level until the issue is resolved. For versions up to 3.5, as a temporary workaround, consider disabling the logging of credentials at the DEBUG level.