INFSA-2024:3043: ansible-core security update
Information about definition
Identificator: INFSA-2024:3043
Type: security
Release date: 2024-08-23 19:44:14 UTC
Information about package
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
Vulnerabilities description
- CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. Bug Fixes: * Update ansible-core to 2.16.3. * Rebuild ansible-core with python 3.12.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-0690
|
no information | 5 | no information |
Updated packages