Klaas-Analyst

Name of the Vulnerable Software and Affected Versions: Ansible (affected versions not specified) Description: A flaw was found in Ansible where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as `include vars` to load vaulted variables without setting the `no log: true` parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. Recommendations: As a temporary workaround, consider setting the `no log: true` parameter when using tasks such as `include vars` to load vaulted variables until a patch is available. Restrict access to playbook output and logs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.