Sivel

**Name of the Vulnerable Software and Affected Versions** ansible-core (affected versions not specified) **Description** An information disclosure flaw was found in ansible-core due to a failure to respect the `ANSIBLE NO LOG` configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ansible versions prior to 2.5.15 Ansible versions prior to 2.6.14 Ansible versions prior to 2.7.8 **Description** The issue allows for a path traversal vulnerability, enabling the copying and overwriting of files outside the specified destination on the local Ansible controller host. This is due to the failure to restrict an absolute path. The vulnerability can be exploited by a local attacker to gain unauthorized access to information and compromise its integrity by copying and overwriting files beyond the intended directory. **Recommendations** For versions prior to 2.5.15, update to version 2.5.15 or later. For versions prior to 2.6.14, update to version 2.6.14 or later. For versions prior to 2.7.8, update to version 2.7.8 or later.