CVE-2024-8775

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 14, 2024
CWE ID 532

Summary

CVE-2024-8775 is a vulnerability in Ansible that exposes sensitive information stored in Ansible Vault files in plaintext when executing playbooks. The issue arises specifically during the use of tasks like include_vars without the no_log: true parameter, which can lead to sensitive data, such as passwords or API keys, being displayed in logs or output. Affected products include various versions of Ansible that utilize vaulted variables. To remediate this vulnerability, users should ensure that the no_log: true option is set for tasks that handle vaulted variables to prevent unintended disclosures. The potential danger posed by this vulnerability includes unauthorized access and actions due to the exposure of critical secrets, resulting in significant security risks for organizations.
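The remediation above can be checked before a playbook runs. The following is an added example, not code from Ansible or from this advisory: a line-based heuristic that flags include_vars tasks with no truthy no_log set on the task itself. Assumptions: the sample playbook and its file names are constructed, the scanner is not a full YAML parser, and no_log inherited from a play or block is not considered.

```python
import re

INCLUDE_VARS = {"include_vars", "ansible.builtin.include_vars"}
TRUTHY = {"true", "yes", "on", "1"}
ITEM = re.compile(r"^(\s*)-\s+(.*)$")
KEY = re.compile(r"^(\s*)([A-Za-z_][\w.]*)\s*:\s*(.*)$")

# Constructed sample playbook; file names are placeholders.
SAMPLE_PLAYBOOK = """\
- hosts: app
  tasks:
    - name: Load vaulted secrets (output not suppressed)
      include_vars: secrets/vault.yml

    - name: Load vaulted secrets (output suppressed)
      ansible.builtin.include_vars:
        file: secrets/vault.yml
      no_log: true
"""

def find_unlogged_include_vars(text):
    """Return (line, task name) for include_vars tasks without a truthy no_log."""
    findings, task = [], None

    def flush():
        # Evaluate the task collected so far, if any.
        if task and INCLUDE_VARS.intersection(task["keys"]):
            if task["keys"].get("no_log", "").lower() not in TRUTHY:
                findings.append((task["line"], task["keys"].get("name", "<unnamed>")))

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        item = ITEM.match(line)
        if item:  # a "- " list item starts a new candidate task
            flush()
            indent = len(item.group(1)) + 2
            task = {"indent": indent, "line": lineno, "keys": {}}
            line = " " * indent + item.group(2)
        key = KEY.match(line)
        # Record only keys at the task's own indentation, not module arguments.
        if task and key and len(key.group(1)) == task["indent"]:
            task["keys"][key.group(2)] = key.group(3).strip().strip("'\"")
    flush()
    return findings

if __name__ == "__main__":
    for lineno, name in find_unlogged_include_vars(SAMPLE_PLAYBOOK):
        print(f"line {lineno}: {name!r} uses include_vars without no_log: true")
```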
