2312119 – (CVE-2024-8775) CVE-2024-8775 ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging

Bug 2312119 (CVE-2024-8775) - CVE-2024-8775 ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging

Summary: CVE-2024-8775 ansible-core: Exposure of Sensitive Information in Ansible Vaul...

Keywords:
Status:	NEW
Alias:	CVE-2024-8775
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2312766 2312165 2312166 2312167 2312168 2312169 2312765
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-13 09:11 UTC by OSIDB Bzimport
Modified:	2025-04-06 19:15 UTC (History)
CC List:	66 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:10762	None	None	None	2024-12-03 16:17:19 UTC
Red Hat Product Errata	RHSA-2024:8969	None	None	None	2024-11-06 17:12:40 UTC
Red Hat Product Errata	RHSA-2024:9894	None	None	None	2024-11-18 16:53:02 UTC

Description OSIDB Bzimport 2024-09-13 09:11:31 UTC

This CVE affects Ansible and is similar to CVE-2024-0690. The vulnerability arises due to improper handling of sensitive variables loaded from Ansible Vault files, potentially leading to the exposure of secret data during execution.

Comment 3 errata-xmlrpc 2024-11-06 17:12:36 UTC

This issue has been addressed in the following products:

  Ansible Automation Platform Execution Environments

Via RHSA-2024:8969 https://access.redhat.com/errata/RHSA-2024:8969

Comment 4 errata-xmlrpc 2024-11-18 16:52:59 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2024:9894 https://access.redhat.com/errata/RHSA-2024:9894

Comment 5 errata-xmlrpc 2024-12-03 16:17:16 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2024:10762 https://access.redhat.com/errata/RHSA-2024:10762

Comment 6 Kunal Pusdekar 2025-01-14 18:56:11 UTC

Hello Team, 

Is there any specific reason why the RHEL is not in the affected column? 

This is regarding the ansible-core form AppStream Repo.

Note You need to log in before you can comment on or make changes to this bug.

achadha
adudiak
amctagga
aoconnor
bbuckingham
bniver
brking
caswilli
davidn
eglynn
ehelms
flucifre
ggainey
gmeno
gtanzill
haoli
hkataria
jcammara
jeder
jjoyce
jmitchel
jneedle
jsamir
jschluet
jtanner
juwatts
jwong
kaycoth
kpusdeka
kshier
lhh
lsvaty
luizcosta
mabashia
mbenjamin
mburns
mgarciac
mhackett
mhulan
michal.skrivanek
mminar
mperina
nmoumoul
nweather
omaciel
pbraun
pcreech
pgrist
rbiba
rbobbitt
rchan
rhos-maint
sbonazzo
simaishi
smcdonal
sostapov
sskracic
stcannon
sthirugn
teagle
tfister
thavo
vereddy
vkrizan
yguenane
zkayyali