PT-2019-11640 · Red Hat+2 · Ansible+2
Ralbono · Published 2019-11-25 · Updated 2025-11-21
CVE-2019-10217
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
ansible versions 2.8.0 through 2.8.3
Description:
A flaw was found in the way sensitive data is handled. Fields managing sensitive data should be set as such by the no_log feature. However, some fields in GCP modules are not set properly. The service_account_contents() function, which is a common class for all GCP modules, is not setting no_log to True. As a result, any sensitive data managed by that function would be leaked as an output when running ansible playbooks.
Recommendations:
For ansible versions 2.8.0 through 2.8.3, consider setting the no_log feature to True for fields managing sensitive data in GCP modules to prevent sensitive data leakage.
As a temporary workaround, consider modifying the service_account_contents() function to set no_log to True until a patch is available.
Exploit
Fix
Information Disclosure
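A simplified model of how a no_log flag in a module's argument spec keeps a parameter's value out of task output, added here as an illustration and not taken from Ansible's code. The specs, sample parameters and helper names are constructed; only `service_account_contents` and `no_log` come from the advisory.

```python
"""Simplified model of no_log scrubbing; not Ansible's own implementation."""

# Placeholder used by this model for a masked value.
MASK = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"

# Constructed argument specs modelled on options shared by GCP modules.
SPEC_AFFECTED = {
    "project": {"type": "str"},
    "auth_kind": {"type": "str"},
    "service_account_contents": {"type": "str"},  # no_log is missing
}
SPEC_FIXED = {
    **SPEC_AFFECTED,
    "service_account_contents": {"type": "str", "no_log": True},
}

# Constructed sample input; the key material is a dummy string.
PARAMS = {
    "project": "example-project",
    "auth_kind": "serviceaccount",
    "service_account_contents": '{"private_key": "DUMMY-KEY-MATERIAL"}',
}


def no_log_values(spec, params):
    """Collect the values of every parameter the spec marks no_log."""
    return {str(params[k]) for k, opts in spec.items()
            if opts.get("no_log") and params.get(k)}


def scrub(obj, secrets):
    """Recursively replace any occurrence of a secret value in the result."""
    if isinstance(obj, dict):
        return {k: scrub(v, secrets) for k, v in obj.items()}
    if isinstance(obj, list):
        return [scrub(v, secrets) for v in obj]
    if isinstance(obj, str):
        for s in secrets:
            obj = obj.replace(s, MASK)
    return obj


def module_result(spec, params):
    """Build the result a verbose run would print, scrubbed per the spec."""
    result = {"changed": False, "invocation": {"module_args": dict(params)}}
    return scrub(result, no_log_values(spec, params))


def leaks(spec, params, needle="DUMMY-KEY-MATERIAL"):
    """True if the dummy key material survives in the printed result."""
    return needle in repr(module_result(spec, params))
```

With the affected spec the dummy key appears in the result; with no_log set, only the placeholder does, while non-sensitive parameters are left readable.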
Weakness Enumeration
Related Identifiers
Affected Products
Ansible-Core
Suse
Ansible