CVE-2024-8775

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Ansible (affected versions not specified)

Description: A flaw was found in Ansible where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include vars to load vaulted variables without setting the no log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Recommendations: As a temporary workaround, consider setting the no log: true parameter when using tasks such as include vars to load vaulted variables until a patch is available. Restrict access to playbook output and logs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

AZL-53163

AZL-53180

BDU:2025-09010

CVE-2024-8775

DLA-3963-1

GHSA-JPXC-VMJF-9FCJ

MGASA-2025-0052

OESA-2024-2510

OESA-2024-2511

OESA-2024-2512

OESA-2024-2513

OPENSUSE-SU-2024:14498-1

OPENSUSE-SU-2024:14499-1

OPENSUSE-SU-2024:14537-1

OPENSUSE-SU-2025:15638-1

OPENSUSE-SU-2025:15754-1

RHSA-2024:10762

RHSA-2024:9894

SUSE-RU-2025:0791-1

Affected Products

Ansible

Astra Linux

Red Os

CVE-2024-8775

Weakness Enumeration

Related Identifiers

Affected Products

References · 66