-
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Latest data: Tue Sep 17 08:04:49 UTC 2024
- Loading branch information
github.actions
committed
Sep 17, 2024
1 parent
37e9988
commit 6d99a9f
Showing
11 changed files
with
1,497 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,293 @@ | ||
| [ | ||
| { | ||
| "package": { | ||
| "name": "ansible-core", | ||
| "version": "2.17.4", | ||
| "ecosystem": "PyPI" | ||
| }, | ||
| "dependency_groups": [ | ||
| "ansible-lint-requirements" | ||
| ], | ||
| "vulnerabilities": [ | ||
| { | ||
| "modified": "2024-09-16T23:12:33Z", | ||
| "published": "2024-09-16T14:37:26Z", | ||
| "schema_version": "1.6.0", | ||
| "id": "GHSA-jpxc-vmjf-9fcj", | ||
| "aliases": [ | ||
| "CVE-2024-8775" | ||
| ], | ||
| "summary": "Ansible vulnerable to Insertion of Sensitive Information into Log File", | ||
| "details": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "ecosystem": "PyPI", | ||
| "name": "ansible-core", | ||
| "purl": "pkg:pypi/ansible-core" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "last_affected": "2.17.4" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "versions": [ | ||
| "0.0.1a1", | ||
| "2.11.0", | ||
| "2.11.0b1", | ||
| "2.11.0b2", | ||
| "2.11.0b3", | ||
| "2.11.0b4", | ||
| "2.11.0rc1", | ||
| "2.11.0rc2", | ||
| "2.11.1", | ||
| "2.11.10", | ||
| "2.11.10rc1", | ||
| "2.11.11", | ||
| "2.11.11rc1", | ||
| "2.11.12", | ||
| "2.11.12rc1", | ||
| "2.11.1rc1", | ||
| "2.11.2", | ||
| "2.11.2rc1", | ||
| "2.11.3", | ||
| "2.11.3rc1", | ||
| "2.11.4", | ||
| "2.11.4rc1", | ||
| "2.11.5", | ||
| "2.11.5rc1", | ||
| "2.11.6", | ||
| "2.11.6rc1", | ||
| "2.11.7", | ||
| "2.11.7rc1", | ||
| "2.11.8", | ||
| "2.11.8rc1", | ||
| "2.11.9", | ||
| "2.11.9rc1", | ||
| "2.12.0", | ||
| "2.12.0b1", | ||
| "2.12.0b2", | ||
| "2.12.0rc1", | ||
| "2.12.1", | ||
| "2.12.10", | ||
| "2.12.10rc1", | ||
| "2.12.1rc1", | ||
| "2.12.2", | ||
| "2.12.2rc1", | ||
| "2.12.3", | ||
| "2.12.3rc1", | ||
| "2.12.4", | ||
| "2.12.4rc1", | ||
| "2.12.5", | ||
| "2.12.5rc1", | ||
| "2.12.6", | ||
| "2.12.6rc1", | ||
| "2.12.7", | ||
| "2.12.7rc1", | ||
| "2.12.8", | ||
| "2.12.8rc1", | ||
| "2.12.9", | ||
| "2.12.9rc1", | ||
| "2.13.0", | ||
| "2.13.0b0", | ||
| "2.13.0b1", | ||
| "2.13.0rc1", | ||
| "2.13.1", | ||
| "2.13.10", | ||
| "2.13.10rc1", | ||
| "2.13.11", | ||
| "2.13.11rc1", | ||
| "2.13.12", | ||
| "2.13.12rc1", | ||
| "2.13.13", | ||
| "2.13.13rc1", | ||
| "2.13.1rc1", | ||
| "2.13.2", | ||
| "2.13.2rc1", | ||
| "2.13.3", | ||
| "2.13.3rc1", | ||
| "2.13.4", | ||
| "2.13.4rc1", | ||
| "2.13.5", | ||
| "2.13.5rc1", | ||
| "2.13.6", | ||
| "2.13.6rc1", | ||
| "2.13.7", | ||
| "2.13.7rc1", | ||
| "2.13.8", | ||
| "2.13.8rc1", | ||
| "2.13.9", | ||
| "2.13.9rc1", | ||
| "2.14.0", | ||
| "2.14.0b1", | ||
| "2.14.0b2", | ||
| "2.14.0b3", | ||
| "2.14.0rc1", | ||
| "2.14.0rc1.post0", | ||
| "2.14.0rc2", | ||
| "2.14.1", | ||
| "2.14.10", | ||
| "2.14.10rc1", | ||
| "2.14.11", | ||
| "2.14.11rc1", | ||
| "2.14.12", | ||
| "2.14.12rc1", | ||
| "2.14.13", | ||
| "2.14.14", | ||
| "2.14.14rc1", | ||
| "2.14.15", | ||
| "2.14.15rc1", | ||
| "2.14.16", | ||
| "2.14.16rc1", | ||
| "2.14.17", | ||
| "2.14.17rc1", | ||
| "2.14.1rc1", | ||
| "2.14.2", | ||
| "2.14.2rc1", | ||
| "2.14.3", | ||
| "2.14.3rc1", | ||
| "2.14.4", | ||
| "2.14.4rc1", | ||
| "2.14.5", | ||
| "2.14.5rc1", | ||
| "2.14.6", | ||
| "2.14.6rc1", | ||
| "2.14.7", | ||
| "2.14.7rc1", | ||
| "2.14.8", | ||
| "2.14.8rc1", | ||
| "2.14.9", | ||
| "2.14.9rc1", | ||
| "2.15.0", | ||
| "2.15.0b1", | ||
| "2.15.0b2", | ||
| "2.15.0b3", | ||
| "2.15.0rc1", | ||
| "2.15.0rc2", | ||
| "2.15.1", | ||
| "2.15.10", | ||
| "2.15.10rc1", | ||
| "2.15.11", | ||
| "2.15.11rc1", | ||
| "2.15.12", | ||
| "2.15.12rc1", | ||
| "2.15.1rc1", | ||
| "2.15.2", | ||
| "2.15.2rc1", | ||
| "2.15.3", | ||
| "2.15.3rc1", | ||
| "2.15.4", | ||
| "2.15.4rc1", | ||
| "2.15.5", | ||
| "2.15.5rc1", | ||
| "2.15.6", | ||
| "2.15.6rc1", | ||
| "2.15.7", | ||
| "2.15.7rc1", | ||
| "2.15.8", | ||
| "2.15.9", | ||
| "2.15.9rc1", | ||
| "2.16.0", | ||
| "2.16.0b1", | ||
| "2.16.0b2", | ||
| "2.16.0rc1", | ||
| "2.16.1", | ||
| "2.16.10", | ||
| "2.16.10rc1", | ||
| "2.16.11", | ||
| "2.16.11rc1", | ||
| "2.16.1rc1", | ||
| "2.16.2", | ||
| "2.16.3", | ||
| "2.16.3rc1", | ||
| "2.16.4", | ||
| "2.16.4rc1", | ||
| "2.16.5", | ||
| "2.16.5rc1", | ||
| "2.16.6", | ||
| "2.16.7", | ||
| "2.16.7rc1", | ||
| "2.16.8", | ||
| "2.16.8rc1", | ||
| "2.16.9", | ||
| "2.16.9rc1", | ||
| "2.17.0", | ||
| "2.17.0b1", | ||
| "2.17.0rc1", | ||
| "2.17.0rc2", | ||
| "2.17.1", | ||
| "2.17.1rc1", | ||
| "2.17.2", | ||
| "2.17.2rc1", | ||
| "2.17.2rc2", | ||
| "2.17.3", | ||
| "2.17.3rc1", | ||
| "2.17.4", | ||
| "2.17.4rc1" | ||
| ], | ||
| "database_specific": { | ||
| "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-jpxc-vmjf-9fcj/GHSA-jpxc-vmjf-9fcj.json" | ||
| } | ||
| } | ||
| ], | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2024-8775" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119" | ||
| }, | ||
| { | ||
| "type": "PACKAGE", | ||
| "url": "https://github.com/ansible/ansible" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-532" | ||
| ], | ||
| "github_reviewed": true, | ||
| "github_reviewed_at": "2024-09-16T22:49:05Z", | ||
| "nvd_published_at": "2024-09-14T03:15:08Z", | ||
| "severity": "MODERATE" | ||
| } | ||
| } | ||
| ], | ||
| "groups": [ | ||
| { | ||
| "ids": [ | ||
| "GHSA-jpxc-vmjf-9fcj" | ||
| ], | ||
| "aliases": [ | ||
| "CVE-2024-8775", | ||
| "GHSA-jpxc-vmjf-9fcj" | ||
| ], | ||
| "max_severity": "7.1" | ||
| } | ||
| ] | ||
| } | ||
| ] |
Oops, something went wrong.