PT-2019-5269 · Red Hat+5 · Ansible+5

Abadger

·

Published

2019-10-08

·

Updated

2025-11-21

·

CVE-2019-14846

CVSS v4.0

8.5

High

VectorAV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Ansible versions up to 2.8.5 Ansible versions up to 2.7.13 Ansible versions up to 2.6.19 Ansible versions up to 3.5
Description The issue is related to the disclosure of information through log files in Ansible. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information. The problem arises when a plugin uses a library that logs credentials at the DEBUG level. However, this flaw does not affect Ansible modules since they are executed in a separate process.
Recommendations For versions up to 2.8.5, consider disabling the DEBUG level logging until a patch is available. For versions up to 2.7.13, restrict access to log files to minimize the risk of exploitation. For versions up to 2.6.19, avoid using plugins that log credentials at the DEBUG level until the issue is resolved. For versions up to 3.5, as a temporary workaround, consider disabling the logging of credentials at the DEBUG level.

Fix

Insertion into Log File

Weakness Enumeration

CWE-117CWE-532

Related Identifiers

ALT-PU-2020-1453
ALT-PU-2020-1490
ALT-PU-2020-2923
ALT-PU-2020-3006
ALT-PU-2021-1800
BDU:2020-02164
CVE-2019-14846
DLA-2202-1
DLA-2535-1
DSA-4950-1
GHSA-PM48-CVV2-29Q5
MGASA-2019-0309
OPENSUSE-SU-2020:0513-1
OPENSUSE-SU-2020:0523-1
OPENSUSE-SU-2020_0513-1
OPENSUSE-SU-2022:0081-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
PYSEC-2019-4
PYSEC-2019-74
RHSA-2019:3201
RHSA-2019:3202
RHSA-2019:3203
RHSA-2019:3207
RHSA-2020:0756
SUSE-SU-2020:3309-1
USN-7330-1
USN-7330-2

Affected Products

Alt Linux
Ansible
Astra Linux
Linuxmint
Suse
Ubuntu