Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-8775

created 4 months, 3 weeks ago

Ansible: exposure of sensitive information in ansible vault files due to improper logging

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

Affected products

ansible

ansible-core

=<2.17.4
*

ee-29-container

*

ee-minimal-container

*

ansible-builder-container

*

discovery-server-container

rhelai1/bootc-nvidia-rhel9

discovery/discovery-ui-rhel9

*

discovery/discovery-server-rhel9

*

ansible-automation-platform/ee-29-rhel8

*

ansible-automation-platform/ee-minimal-rhel8

*

ansible-automation-platform/ee-minimal-rhel9

*

ansible-automation-platform/ansible-builder-rhel8

*

ansible-automation-platform/ansible-builder-rhel9

*

Matching in nixpkgs

pkgs.ansible-cmdb

Generate host overview from ansible fact gathering output

nixos-unstable -
- nixpkgs-unstable 1.31

pkgs.ansible-lint

Best practices checker for Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.2

pkgs.ansible_2_16

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.16.14

pkgs.ansible_2_17

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.17.8

pkgs.ansible_2_18

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.18.8

pkgs.ansible_2_19

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.19.2

pkgs.ansible-doctor

Annotation based documentation for your Ansible roles

nixos-unstable -
- nixpkgs-unstable 7.2.0

pkgs.ansible-builder

Ansible execution environment builder

nixos-unstable -
- nixpkgs-unstable 3.1.0

pkgs.ansible-navigator

Text-based user interface (TUI) for Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.0

pkgs.ansible-language-server

Ansible Language Server

nixos-unstable -
- nixpkgs-unstable 1.2.1

pkgs.python312Packages.ansible

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 11.9.0

pkgs.python313Packages.ansible

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 11.9.0

pkgs.terraform-providers.ansible

None

nixos-unstable -
- nixpkgs-unstable 1.0.4

pkgs.python312Packages.ansible-core

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.19.2

pkgs.python313Packages.ansible-core

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.19.2

pkgs.python312Packages.ansible-compat

Function collection that help interacting with various versions of Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.1

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python312Packages.ansible-runner

Helps when interfacing with Ansible

nixos-unstable -
- nixpkgs-unstable 2.4.1

pkgs.python312Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

nixos-unstable -
- nixpkgs-unstable 25.8.0

pkgs.python313Packages.ansible-compat

Function collection that help interacting with various versions of Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.1

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.ansible-runner

Helps when interfacing with Ansible

nixos-unstable -
- nixpkgs-unstable 2.4.1

pkgs.python313Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

nixos-unstable -
- nixpkgs-unstable 25.8.0

pkgs.vscode-extensions.redhat.ansible

Ansible language support

nixos-unstable -
- nixpkgs-unstable 25.8.1

pkgs.python312Packages.ansible-builder

Ansible execution environment builder

nixos-unstable -
- nixpkgs-unstable 3.1.0

pkgs.python313Packages.ansible-builder

Ansible execution environment builder

nixos-unstable -
- nixpkgs-unstable 3.1.0

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable -
- nixpkgs-unstable 1.2.2

pkgs.python312Packages.ansible-vault-rw

This project aim to R/W an ansible-vault yaml file

nixos-unstable -
- nixpkgs-unstable 2.1.0

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable -
- nixpkgs-unstable 1.2.2

pkgs.python313Packages.ansible-vault-rw

This project aim to R/W an ansible-vault yaml file

nixos-unstable -
- nixpkgs-unstable 2.1.0

pkgs.python312Packages.jinja2-ansible-filters

Jinja2 Ansible Filters

nixos-unstable -
- nixpkgs-unstable jinja2-ansible-filters-1.3.2

pkgs.python313Packages.jinja2-ansible-filters

Jinja2 Ansible Filters

nixos-unstable -
- nixpkgs-unstable jinja2-ansible-filters-1.3.2

Package maintainers

@HarisDotParis Haris <nix.dev@haris.paris>
@robsliwi Robert Sliwinski <r@sliwi.org>
@Melkor333 Samuel Ruprecht <samuel@ton-kunst.ch>
@tie Ivan Trubach <mr.trubach@icloud.com>
@tboerger Thomas Boerger <thomas@webhippie.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@sengaya Thilo Uttendorfer <tlo@sengaya.de>
@dawidd6 Dawid Dziurla <dawidd0811@gmail.com>
@geluk Johan Geluk <johan+nix@geluk.io>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@StillerHarpo Florian Engel <engelflorian@posteo.de>
@tjni Theodore Ni <43ngvg@masqt.com>
@TheMaxMur Maxim Muravev <muravjev.mak@yandex.ru>