x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2024-0690 #2533

GoVulnBot · 2024-02-06T14:01:32Z

CVE-2024-0690 references github.com/ansible/ansible, which may be a Go module.

Description:
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

References:

Cross references:

Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2018-16859 #2213 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2018-16876 #2214 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2019-10156 #2223 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2019-10217 #2228 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2019-14846 #2238 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2019-14864 #2239 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2019-14904 #2240 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2019-3828 #2255 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2020-10685 #2262 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2020-10691 #2263 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2020-14332 #2278 LEGACY_FALSE_POSITIVE
Module github.com/ansible/ansible appears in issue x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2020-1746 #2285 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/ansible/ansible
      vulnerable_at: 2.15.5+incompatible
      packages:
        - package: ansible
cves:
    - CVE-2024-0690
references:
    - web: https://access.redhat.com/security/cve/CVE-2024-0690
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=2259013
    - fix: https://github.com/ansible/ansible/pull/82565

The text was updated successfully, but these errors were encountered:

neild · 2024-02-08T00:14:59Z

Python program.

gopherbot · 2024-02-28T16:25:11Z

Change https://go.dev/cl/567817 mentions this issue: data/excluded: batch add 15 excluded reports

neild self-assigned this Feb 8, 2024

neild added the excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. label Feb 8, 2024

gopherbot closed this as completed in 00eae41 Feb 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2024-0690 #2533

x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2024-0690 #2533

GoVulnBot commented Feb 6, 2024

neild commented Feb 8, 2024

gopherbot commented Feb 28, 2024

x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2024-0690 #2533

x/vulndb: potential Go vuln in github.com/ansible/ansible: CVE-2024-0690 #2533

Comments

GoVulnBot commented Feb 6, 2024

neild commented Feb 8, 2024

gopherbot commented Feb 28, 2024