CVE-2024-8775 - Vulnerability Details

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Ansible Automation Platform Ansible Automation Platform Developer Ansible Automation Platform Inside Discovery Enterprise Linux Ai

No data.

Package	CPE	Advisory	Released Date
Ansible Automation Platform Execution Environments
ansible-automation-platform/ansible-builder-rhel8:1.2.0-91	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ansible-builder-rhel9:3.0.1-95	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ee-29-rhel8:2.9.27-32	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ee-minimal-rhel8:2.18.0-1	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
ansible-automation-platform/ee-minimal-rhel9:2.17.6-2	cpe:/a:redhat:ansible_automation_platform:ee::el8	RHSA-2024:8969	2024-11-06T00:00:00Z
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 8
ansible-core-1:2.15.13-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.4::el8	RHSA-2024:10762	2024-12-03T00:00:00Z
Red Hat Ansible Automation Platform 2.4 for RHEL 9
ansible-core-1:2.15.13-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.4::el9	RHSA-2024:10762	2024-12-03T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 8
ansible-core-1:2.16.13-1.el8ap	cpe:/a:redhat:ansible_automation_platform:2.5::el8	RHSA-2024:9894	2024-11-18T00:00:00Z
Red Hat Ansible Automation Platform 2.5 for RHEL 9
ansible-core-1:2.16.13-1.el9ap	cpe:/a:redhat:ansible_automation_platform:2.5::el9	RHSA-2024:9894	2024-11-18T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:10762
https://access.redhat.com/errata/RHSA-2024:8969
https://access.redhat.com/errata/RHSA-2024:9894
https://access.redhat.com/errata/RHSA-2025:1249
https://access.redhat.com/security/cve/CVE-2024-8775
https://bugzilla.redhat.com/show_bug.cgi?id=2312119
https://github.com/advisories/GHSA-jpxc-vmjf-9fcj
https://nvd.nist.gov/vuln/detail/CVE-2024-8775
https://www.cve.org/CVERecord?id=CVE-2024-8775

History

Wed, 12 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:discovery:1::el9~~

Tue, 11 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:discovery:1.0::el9

Mon, 10 Feb 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/o:redhat:discovery:1::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2025:1249

Fri, 10 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
References		https://github.com/advisories/GHSA-jpxc-vmjf-9fcj

Tue, 03 Dec 2024 16:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
References		https://access.redhat.com/errata/RHSA-2024:10762

Thu, 21 Nov 2024 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ansible Automation Platform Developer Redhat ansible Automation Platform Inside
CPEs	~~cpe:/a:redhat:ansible_automation_platform:2~~	cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Vendors & Products		Redhat ansible Automation Platform Developer Redhat ansible Automation Platform Inside
References		https://access.redhat.com/errata/RHSA-2024:9894

Wed, 06 Nov 2024 20:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:ansible_automation_platform:ee::el8 cpe:/a:redhat:ansible_automation_platform:ee::el9
References		https://access.redhat.com/errata/RHSA-2024:8969

Tue, 17 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
Title	Ansible: exposure of sensitive information in ansible vault files due to improper logging	Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
First Time appeared		Redhat ansible Automation Platform Redhat enterprise Linux Ai
CPEs	cpe:/a:redhat:discovery:1.0::el8 cpe:/a:redhat:rhui:4::el8 cpe:/a:redhat:storage:3	cpe:/a:redhat:ansible_automation_platform:2 cpe:/a:redhat:enterprise_linux_ai:1
Vendors & Products	Redhat discovery Redhat rhui Redhat storage	Redhat ansible Automation Platform Redhat enterprise Linux Ai

Mon, 16 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 14 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Title	ansible: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging	Ansible: exposure of sensitive information in ansible vault files due to improper logging
First Time appeared		Redhat Redhat discovery Redhat rhui Redhat storage
CPEs		cpe:/a:redhat:discovery:1.0::el8 cpe:/a:redhat:rhui:4::el8 cpe:/a:redhat:storage:3
Vendors & Products		Redhat Redhat discovery Redhat rhui Redhat storage
References		https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119

Fri, 13 Sep 2024 23:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Title		ansible: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging
Weaknesses		CWE-532
References		https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://www.cve.org/CVERecord?id=CVE-2024-8775
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-14T02:15:14.907Z

Updated: 2025-03-14T14:43:44.402Z

Reserved: 2024-09-13T09:06:07.367Z

Link: CVE-2024-8775

Vulnrichment

Updated: 2024-09-16T14:28:57.342Z

NVD

Status : Awaiting Analysis

Published: 2024-09-14T03:15:08.987

Modified: 2025-02-10T19:15:39.603

Link: CVE-2024-8775

Redhat

Severity : Moderate

Publid Date: 2024-09-13T08:35:00Z

Links: CVE-2024-8775 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8775", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-09-13T09:06:07.367Z", "datePublished": "2024-09-14T02:15:14.907Z", "dateUpdated": "2025-03-14T14:43:44.402Z"}, "containers": {"cna": {"title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."}], "affected": [{"versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "2.17.4"}], "packageName": "ansible-core", "collectionURL": "https://github.com/ansible/ansible", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ansible-builder-rhel8", "defaultStatus": "affected", "versions": [{"version": "1.2.0-91", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ansible-builder-rhel9", "defaultStatus": "affected", "versions": [{"version": "3.0.1-95", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ee-29-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.9.27-32", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ee-minimal-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.17.6-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ansible-automation-platform/ee-minimal-rhel9", "defaultStatus": "affected", "versions": [{"version": "2.17.6-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"]}, {"vendor": "Red Hat", "product": "Discovery 1 for RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "discovery/discovery-server-rhel9", "defaultStatus": "affected", "versions": [{"version": "1.12.0-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:discovery:1.0::el9"]}, {"vendor": "Red Hat", "product": "Discovery 1 for RHEL 9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "discovery/discovery-ui-rhel9", "defaultStatus": "affected", "versions": [{"version": "1.12.0-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:discovery:1.0::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.15.13-1.el8ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.15.13-1.el9ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.16.13-1.el8ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ansible-core", "defaultStatus": "affected", "versions": [{"version": "1:2.16.13-1.el9ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux AI (RHEL AI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhelai1/bootc-nvidia-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:enterprise_linux_ai:1"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10762", "name": "RHSA-2024:10762", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8969", "name": "RHSA-2024:8969", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9894", "name": "RHSA-2024:9894", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1249", "name": "RHSA-2025:1249", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-8775", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119", "name": "RHBZ#2312119", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"}], "datePublic": "2024-09-13T08:35:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-09-13T08:31:27.781000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-13T08:35:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-14T14:43:44.402Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T14:21:23.423396Z", "id": "CVE-2024-8775", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T14:29:01.960Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T14:21:23.423396Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T14:28:57.342Z"}}], "cna": {"title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "2.17.4"}], "packageName": "ansible-core", "collectionURL": "https://github.com/ansible/ansible", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "1.2.0-91", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ansible-builder-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "3.0.1-95", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ansible-builder-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "2.9.27-32", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ee-29-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "2.17.6-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ee-minimal-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform:ee::el9", "cpe:/a:redhat:ansible_automation_platform:ee::el8"], "vendor": "Red Hat", "product": "Ansible Automation Platform Execution Environments", "versions": [{"status": "unaffected", "version": "2.17.6-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-automation-platform/ee-minimal-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:discovery:1.0::el9"], "vendor": "Red Hat", "product": "Discovery 1 for RHEL 9", "versions": [{"status": "unaffected", "version": "1.12.0-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "discovery/discovery-server-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:discovery:1.0::el9"], "vendor": "Red Hat", "product": "Discovery 1 for RHEL 9", "versions": [{"status": "unaffected", "version": "1.12.0-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "discovery/discovery-ui-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:2.15.13-1.el8ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8", "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8", "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9", "cpe:/a:redhat:ansible_automation_platform:2.4::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "1:2.15.13-1.el9ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "versions": [{"status": "unaffected", "version": "1:2.16.13-1.el8ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "cpe:/a:redhat:ansible_automation_platform:2.5::el9"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "versions": [{"status": "unaffected", "version": "1:2.16.13-1.el9ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "ansible-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux_ai:1"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux AI (RHEL AI)", "packageName": "rhelai1/bootc-nvidia-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-09-13T08:31:27.781000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-13T08:35:00+00:00", "value": "Made public."}], "datePublic": "2024-09-13T08:35:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10762", "name": "RHSA-2024:10762", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:8969", "name": "RHSA-2024:8969", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:9894", "name": "RHSA-2024:9894", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1249", "name": "RHSA-2025:1249", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-8775", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119", "name": "RHBZ#2312119", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-14T14:43:44.402Z"}, "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"}}, "cveMetadata": {"cveId": "CVE-2024-8775", "state": "PUBLISHED", "dateUpdated": "2025-03-14T14:43:44.402Z", "dateReserved": "2024-09-13T09:06:07.367Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-09-14T02:15:14.907Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Ansible, donde la informaci\u00f3n confidencial almacenada en archivos de Ansible Vault puede quedar expuesta en texto plano durante la ejecuci\u00f3n de un playbook. Esto ocurre cuando se usan tareas como include_vars para cargar variables almacenadas sin configurar el par\u00e1metro no_log: true, lo que da como resultado que se impriman datos confidenciales en la salida o los registros del playbook. Esto puede provocar la divulgaci\u00f3n involuntaria de secretos como contrase\u00f1as o claves API, lo que compromete la seguridad y potencialmente permite el acceso o las acciones no autorizadas."}], "id": "CVE-2024-8775", "lastModified": "2025-02-10T19:15:39.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-09-14T03:15:08.987", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:10762"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:8969"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:9894"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1249"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-8775"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"}, {"source": "secalert@redhat.com", "url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ansible-builder-rhel8:1.2.0-91", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ansible-builder-rhel9:3.0.1-95", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-29-rhel8:2.9.27-32", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel8:2.18.0-1", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2024:8969", "cpe": "cpe:/a:redhat:ansible_automation_platform:ee::el8", "package": "ansible-automation-platform/ee-minimal-rhel9:2.17.6-2", "product_name": "Ansible Automation Platform Execution Environments", "release_date": "2024-11-06T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2024:10762", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-core-1:2.15.13-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2024:10762", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "ansible-core-1:2.15.13-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2024:9894", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-core-1:2.16.13-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2024-11-18T00:00:00Z"}, {"advisory": "RHSA-2024:9894", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-core-1:2.16.13-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2024-11-18T00:00:00Z"}], "bugzilla": {"description": "ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging", "id": "2312119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-532", "details": ["A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.", "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-8775", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Fix deferred", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2024-09-13T08:35:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-8775\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8775\nhttps://github.com/advisories/GHSA-jpxc-vmjf-9fcj"], "statement": "This issue is classified as moderate rather than important because while it does expose sensitive information during playbook execution, the exposure is limited to logs and output generated during the run, which is typically accessible only to authorized users with sufficient privileges. The flaw does not result in an immediate or direct compromise of systems, as no remote exploitation vector is introduced. Additionally, the risk can be mitigated through proper configuration (`no_log: true`) and access control measures, reducing the likelihood of unauthorized access to the logged data. However, the unintentional disclosure of secrets like passwords or API keys still presents a potential risk for privilege escalation or lateral movement within an environment, justifying a moderate severity rating.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object