PT-2020-3040 · Red Hat+4 · Ansible+4

Abhijeet Kasurde +1 · Published 2019-12-06 · Updated 2025-11-21 · CVE-2019-14864

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ansible versions 2.7.x through 2.7.14
Ansible versions 2.8.x through 2.8.6
Ansible versions 2.9.x through 2.9.0

Description

The issue is that the no_log flag is not taken into account in Ansible's system configuration management modules for Splunk and Sumologic. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability affects Ansible when the Sumologic and Splunk callback plugins are used: sensitive data is collected and disclosed when the no_log flag is set to True.

Recommendations

For Ansible versions 2.7.x through 2.7.14, update to version 2.7.15 or later to resolve the issue.
For Ansible versions 2.8.x through 2.8.6, update to version 2.8.7 or later to resolve the issue.
For Ansible versions 2.9.x through 2.9.0, update to version 2.9.1 or later to resolve the issue.

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1453
ALT-PU-2020-1490
BDU:2020-03324
CVE-2019-14864
DSA-4950-1
GHSA-3M93-M4Q6-MC6V
MGASA-2019-0358
OPENSUSE-SU-2020:0513-1
OPENSUSE-SU-2020:0523-1
OPENSUSE-SU-2020_0513-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
PYSEC-2020-160
PYSEC-2020-179
RHSA-2019:3925
RHSA-2019:3926
RHSA-2019:3927
RHSA-2019:3928
SUSE-SU-2020:3309-1

Affected Products

Alt Linux
Ansible
Ansible-Core
Astra Linux
Suse