Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-8775 (GCVE-0-2024-8775)
Vulnerability from cvelistv5 – Published: 2024-09-14 02:15 – Updated: 2025-11-06 23:17
VLAI
EPSS
Title
Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
Summary
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Severity
5.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:10762 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:8969 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:9894 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:1249 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-8775 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2312119 | issue-trackingx_refsource_REDHAT |
| https://github.com/advisories/GHSA-jpxc-vmjf-9fcj |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
1.0.0 , ≤ 2.17.4
(semver)
|
|||
| Red Hat | Ansible Automation Platform Execution Environments |
Unaffected:
3.0.1-96 , < *
(rpm)
cpe:/a:redhat:ansible_core:2::el8 cpe:/a:redhat:ansible_core:2::el9 |
|
| Red Hat | Ansible Automation Platform Execution Environments |
Unaffected:
3.0.1-95 , < *
(rpm)
cpe:/a:redhat:ansible_core:2::el8 cpe:/a:redhat:ansible_core:2::el9 |
|
| Red Hat | Ansible Automation Platform Execution Environments |
Unaffected:
2.9.27-32 , < *
(rpm)
cpe:/a:redhat:ansible_core:2::el8 cpe:/a:redhat:ansible_core:2::el9 |
|
| Red Hat | Ansible Automation Platform Execution Environments |
Unaffected:
2.14.13-21 , < *
(rpm)
cpe:/a:redhat:ansible_core:2::el8 cpe:/a:redhat:ansible_core:2::el9 |
|
| Red Hat | Ansible Automation Platform Execution Environments |
Unaffected:
2.17.6-2 , < *
(rpm)
cpe:/a:redhat:ansible_core:2::el8 cpe:/a:redhat:ansible_core:2::el9 |
|
| Red Hat | Discovery 1 for RHEL 9 |
Unaffected:
1.12.0-1 , < *
(rpm)
cpe:/o:redhat:discovery:1.0::el9 |
|
| Red Hat | Discovery 1 for RHEL 9 |
Unaffected:
1.12.0-1 , < *
(rpm)
cpe:/o:redhat:discovery:1.0::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected:
1:2.15.13-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
Unaffected:
1:2.15.13-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
Unaffected:
1:2.16.13-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
Unaffected:
1:2.16.13-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 cpe:/a:redhat:ansible_automation_platform:2.5::el8 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) |
cpe:/a:redhat:enterprise_linux_ai:1 |
Date Public
2024-09-13 08:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:21:23.423396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:29:01.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:33:00.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "unaffected",
"packageName": "ansible-core",
"versions": [
{
"lessThanOrEqual": "2.17.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_core:2::el8",
"cpe:/a:redhat:ansible_core:2::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.0.1-96",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_core:2::el8",
"cpe:/a:redhat:ansible_core:2::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ansible-builder-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.0.1-95",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_core:2::el8",
"cpe:/a:redhat:ansible_core:2::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-29-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.9.27-32",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_core:2::el8",
"cpe:/a:redhat:ansible_core:2::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel8",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.14.13-21",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_core:2::el8",
"cpe:/a:redhat:ansible_core:2::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform/ee-minimal-rhel9",
"product": "Ansible Automation Platform Execution Environments",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.17.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/o:redhat:discovery:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Discovery 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12.0-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/o:redhat:discovery:1.0::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Discovery 1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.12.0-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.13-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.13-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.13-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.16.13-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:1"
],
"defaultStatus": "affected",
"packageName": "rhelai1/bootc-nvidia-rhel9",
"product": "Red Hat Enterprise Linux AI (RHEL AI)",
"vendor": "Red Hat"
}
],
"datePublic": "2024-09-13T08:35:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T23:17:04.821Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:10762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"name": "RHSA-2024:8969",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8969"
},
{
"name": "RHSA-2024:9894",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9894"
},
{
"name": "RHSA-2025:1249",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:1249"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-8775"
},
{
"name": "RHBZ#2312119",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
},
{
"url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-13T08:31:27.781Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-09-13T08:35:00.000Z",
"value": "Made public."
}
],
"title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-8775",
"datePublished": "2024-09-14T02:15:14.907Z",
"dateReserved": "2024-09-13T09:06:07.367Z",
"dateUpdated": "2025-11-06T23:17:04.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-8775",
"date": "2026-05-26",
"epss": "0.00036",
"percentile": "0.10923"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una falla en Ansible, donde la informaci\\u00f3n confidencial almacenada en archivos de Ansible Vault puede quedar expuesta en texto plano durante la ejecuci\\u00f3n de un playbook. Esto ocurre cuando se usan tareas como include_vars para cargar variables almacenadas sin configurar el par\\u00e1metro no_log: true, lo que da como resultado que se impriman datos confidenciales en la salida o los registros del playbook. Esto puede provocar la divulgaci\\u00f3n involuntaria de secretos como contrase\\u00f1as o claves API, lo que compromete la seguridad y potencialmente permite el acceso o las acciones no autorizadas.\"}]",
"id": "CVE-2024-8775",
"lastModified": "2025-01-10T22:15:26.527",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-09-14T03:15:08.987",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2024:10762\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8969\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9894\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-8775\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2312119\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/advisories/GHSA-jpxc-vmjf-9fcj\", \"source\": \"secalert@redhat.com\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8775\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-09-14T03:15:08.987\",\"lastModified\":\"2025-11-03T23:17:32.503\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Ansible, donde la informaci\u00f3n confidencial almacenada en archivos de Ansible Vault puede quedar expuesta en texto plano durante la ejecuci\u00f3n de un playbook. Esto ocurre cuando se usan tareas como include_vars para cargar variables almacenadas sin configurar el par\u00e1metro no_log: true, lo que da como resultado que se impriman datos confidenciales en la salida o los registros del playbook. Esto puede provocar la divulgaci\u00f3n involuntaria de secretos como contrase\u00f1as o claves API, lo que compromete la seguridad y potencialmente permite el acceso o las acciones no autorizadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:10762\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8969\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:9894\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:1249\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-8775\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2312119\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/advisories/GHSA-jpxc-vmjf-9fcj\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:33:00.432Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8775\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-16T14:21:23.423396Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-16T14:28:57.342Z\"}}], \"cna\": {\"title\": \"Ansible-core: exposure of sensitive information in ansible vault files due to improper logging\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.17.4\"}], \"packageName\": \"ansible-core\", \"collectionURL\": \"https://github.com/ansible/ansible\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_core:2::el8\", \"cpe:/a:redhat:ansible_core:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ansible Automation Platform Execution Environments\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.0.1-96\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-automation-platform/ansible-builder-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_core:2::el8\", \"cpe:/a:redhat:ansible_core:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ansible Automation Platform Execution Environments\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"3.0.1-95\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-automation-platform/ansible-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_core:2::el8\", \"cpe:/a:redhat:ansible_core:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ansible Automation Platform Execution Environments\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.9.27-32\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-automation-platform/ee-29-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_core:2::el8\", \"cpe:/a:redhat:ansible_core:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ansible Automation Platform Execution Environments\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.14.13-21\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-automation-platform/ee-minimal-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_core:2::el8\", \"cpe:/a:redhat:ansible_core:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ansible Automation Platform Execution Environments\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.17.6-2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-automation-platform/ee-minimal-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:discovery:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Discovery 1 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.12.0-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-server-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:discovery:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Discovery 1 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.12.0-1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-ui-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform:2.4::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.4 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:2.15.13-1.el8ap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-core\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform:2.4::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.4 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:2.15.13-1.el9ap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-core\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:2.16.13-1.el8ap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-core\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:2.16.13-1.el9ap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ansible-core\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"ansible-core\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI)\", \"packageName\": \"rhelai1/bootc-nvidia-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-09-13T08:31:27.781000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-09-13T08:35:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-09-13T08:35:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:10762\", \"name\": \"RHSA-2024:10762\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8969\", \"name\": \"RHSA-2024:8969\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:9894\", \"name\": \"RHSA-2024:9894\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:1249\", \"name\": \"RHSA-2025:1249\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-8775\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2312119\", \"name\": \"RHBZ#2312119\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/advisories/GHSA-jpxc-vmjf-9fcj\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-06T23:17:04.821Z\"}, \"x_redhatCweChain\": \"CWE-532: Insertion of Sensitive Information into Log File\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-8775\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T23:17:04.821Z\", \"dateReserved\": \"2024-09-13T09:06:07.367Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-09-14T02:15:14.907Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
BDU:2025-09010
Vulnerability from fstec - Published: 13.09.2024
VLAI
Title
Уязвимость системы управления конфигурациями Ansible, связанная с раскрытием информации через файлы журналов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость системы управления конфигурациями Ansible связана с раскрытием информации через файлы журналов. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации
Severity
Vendor
Novell Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Red Hat Inc., Ansible
Software Name
OpenSUSE Leap, openSUSE Tumbleweed, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux AI, Red Hat Enterprise Linux, Ansible Engine, Ansible Automation Platform Execution Environments, Discovery, Ansible Automation Platform
Software Version
15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), - (Red Hat Enterprise Linux AI), 10 (Red Hat Enterprise Linux), до 2.16.13 (Ansible Engine), от 2.17.0b1 до 2.17.6 (Ansible Engine), - (Ansible Automation Platform Execution Environments), 1 for RHEL 9 (Discovery), 2.4 for RHEL 8 (Ansible Automation Platform), 2.4 for RHEL 9 (Ansible Automation Platform), 2.5 for RHEL 8 (Ansible Automation Platform), 2.5 for RHEL 9 (Ansible Automation Platform), 3.8 (Astra Linux Special Edition)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Ansible:
https://access.redhat.com/errata/RHSA-2024:10762
https://access.redhat.com/errata/RHSA-2024:8969
https://access.redhat.com/errata/RHSA-2024:9894
https://access.redhat.com/errata/RHSA-2025:1249
https://access.redhat.com/security/cve/CVE-2024-8775
https://bugzilla.redhat.com/show_bug.cgi?id=2312119
https://github.com/advisories/GHSA-jpxc-vmjf-9fcj
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2024-8775
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-8775
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2024-8775.html
Для ОС Astra Linux:
обновить пакет ansible-core до 2.18.3-1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
Для ОС Astra Linux:
обновить пакет ansible до 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
Для ОС Astra Linux:
обновить пакет ansible до 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47
Для ОС Astra Linux:
обновить пакет ansible-core до 2.18.3-1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
Для ОС Astra Linux:
обновить пакет ansible-core до 2.18.3-1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
Reference
https://access.redhat.com/errata/RHSA-2024:10762
https://access.redhat.com/errata/RHSA-2024:8969
https://access.redhat.com/errata/RHSA-2024:9894
https://access.redhat.com/errata/RHSA-2025:1249
https://access.redhat.com/security/cve/CVE-2024-8775
https://bugzilla.redhat.com/show_bug.cgi?id=2312119
https://github.com/advisories/GHSA-jpxc-vmjf-9fcj
https://redos.red-soft.ru/support/secure/
https://access.redhat.com/security/cve/cve-2024-8775
https://security-tracker.debian.org/tracker/CVE-2024-8775
https://www.suse.com/security/cve/CVE-2024-8775.html
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE118
https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38
CWE
CWE-532
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Ansible",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), - (Red Hat Enterprise Linux AI), 10 (Red Hat Enterprise Linux), \u0434\u043e 2.16.13 (Ansible Engine), \u043e\u0442 2.17.0b1 \u0434\u043e 2.17.6 (Ansible Engine), - (Ansible Automation Platform Execution Environments), 1 for RHEL 9 (Discovery), 2.4 for RHEL 8 (Ansible Automation Platform), 2.4 for RHEL 9 (Ansible Automation Platform), 2.5 for RHEL 8 (Ansible Automation Platform), 2.5 for RHEL 9 (Ansible Automation Platform), 3.8 (Astra Linux Special Edition)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Ansible:\nhttps://access.redhat.com/errata/RHSA-2024:10762\t\nhttps://access.redhat.com/errata/RHSA-2024:8969\t\nhttps://access.redhat.com/errata/RHSA-2024:9894\t\nhttps://access.redhat.com/errata/RHSA-2025:1249\t\nhttps://access.redhat.com/security/cve/CVE-2024-8775\t\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2312119\t\nhttps://github.com/advisories/GHSA-jpxc-vmjf-9fcj\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2024-8775\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-8775\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-8775.html\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ansible-core \u0434\u043e 2.18.3-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ansible \u0434\u043e 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ansible \u0434\u043e 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ansible-core \u0434\u043e 2.18.3-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ansible-core \u0434\u043e 2.18.3-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-09010",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-8775",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, openSUSE Tumbleweed, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux AI, Red Hat Enterprise Linux, Ansible Engine, Ansible Automation Platform Execution Environments, Discovery, Ansible Automation Platform",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.5 , Novell Inc. openSUSE Tumbleweed - , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. OpenSUSE Leap 15.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux AI - , Red Hat Inc. Red Hat Enterprise Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 3.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 Ansible, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b\u044b \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b (CWE-532)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 Ansible \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b\u044b \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/errata/RHSA-2024:10762\nhttps://access.redhat.com/errata/RHSA-2024:8969\nhttps://access.redhat.com/errata/RHSA-2024:9894\nhttps://access.redhat.com/errata/RHSA-2025:1249\nhttps://access.redhat.com/security/cve/CVE-2024-8775\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2312119\nhttps://github.com/advisories/GHSA-jpxc-vmjf-9fcj\nhttps://redos.red-soft.ru/support/secure/\nhttps://access.redhat.com/security/cve/cve-2024-8775\nhttps://security-tracker.debian.org/tracker/CVE-2024-8775\nhttps://www.suse.com/security/cve/CVE-2024-8775.html\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE118\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-532",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
CERTFR-2026-AVI-0627
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.3 | ||
| Splunk | N/A | Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9 | ||
| Splunk | Splunk | image Docker Splunk versions 10.2.x antérieures à 10.2.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk | image Docker Splunk versions 9.4.x antérieures à 9.4.10 | ||
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5 | ||
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Analytics Agent | Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0 | ||
| Splunk | N/A | Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Machine Agent | Splunk AppDynamics Machine Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11 | ||
| Splunk | N/A | Splunk AppDynamics Python Agent versions antérieures à 26.4.1 | ||
| Splunk | Splunk | image Docker Splunk versions 10.0.x antérieures à 10.0.5 | ||
| Splunk | N/A | Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.6 | ||
| Splunk | N/A | Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk | image Docker Splunk versions 9.3.x antérieures à 9.3.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.12 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions antérieures à 26.4.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Analytics Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Machine Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2026-32777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2024-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2026-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-68384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2026-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2024-10220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2022-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2026-34876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
},
{
"name": "CVE-2025-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
},
{
"name": "CVE-2023-5590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2026-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
},
{
"name": "CVE-2026-25833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2026-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2026-32778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2026-25834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-34877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2026-34875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-33055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-28351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-34874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
},
{
"name": "CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2025-55159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2026-22702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-68390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2026-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2026-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2026-33056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
},
{
"name": "CVE-2026-25835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-34871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-32650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
},
{
"name": "CVE-2026-34873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
},
{
"name": "CVE-2026-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2023-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-25541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
},
{
"name": "CVE-2026-20239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
},
{
"name": "CVE-2026-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2026-20240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2026-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-1584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
},
{
"name": "CVE-2026-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2025-37731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
},
{
"name": "CVE-2026-24688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
},
{
"name": "CVE-2026-32776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
]
}
FKIE_CVE-2024-8775
Vulnerability from fkie_nvd - Published: 2024-09-14 03:15 - Updated: 2026-04-15 00:35
Severity
Summary
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:10762 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:8969 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:9894 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2025:1249 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-8775 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2312119 | ||
| secalert@redhat.com | https://github.com/advisories/GHSA-jpxc-vmjf-9fcj | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Ansible, donde la informaci\u00f3n confidencial almacenada en archivos de Ansible Vault puede quedar expuesta en texto plano durante la ejecuci\u00f3n de un playbook. Esto ocurre cuando se usan tareas como include_vars para cargar variables almacenadas sin configurar el par\u00e1metro no_log: true, lo que da como resultado que se impriman datos confidenciales en la salida o los registros del playbook. Esto puede provocar la divulgaci\u00f3n involuntaria de secretos como contrase\u00f1as o claves API, lo que compromete la seguridad y potencialmente permite el acceso o las acciones no autorizadas."
}
],
"id": "CVE-2024-8775",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2024-09-14T03:15:08.987",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:8969"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:9894"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:1249"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2024-8775"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
GHSA-JPXC-VMJF-9FCJ
Vulnerability from github – Published: 2024-09-16 14:37 – Updated: 2025-11-04 00:31
VLAI
Summary
Ansible vulnerable to Insertion of Sensitive Information into Log File
Details
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.17.0b1"
},
{
"fixed": "2.17.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.16.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-8775"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-16T22:49:05Z",
"nvd_published_at": "2024-09-14T03:15:08Z",
"severity": "HIGH"
},
"details": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",
"id": "GHSA-jpxc-vmjf-9fcj",
"modified": "2025-11-04T00:31:25Z",
"published": "2024-09-16T14:37:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/8a87e1c5d37422bc99d27ad4237d185cc233e035"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:10762"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8969"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9894"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:1249"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8775"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/blob/v2.16.13/changelogs/CHANGELOG-v2.16.rst#security-fixes"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/blob/v2.17.6/changelogs/CHANGELOG-v2.17.rst#security-fixes"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ansible vulnerable to Insertion of Sensitive Information into Log File"
}
MSRC_CVE-2024-8775
Vulnerability from csaf_microsoft - Published: 2024-09-01 07:00 - Updated: 2026-02-18 14:28Summary
Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19586-17084 | — | ||
| Unresolved product id: 17822-17084 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-8775.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
"tracking": {
"current_release_date": "2026-02-18T14:28:31.000Z",
"generator": {
"date": "2026-02-21T02:56:48.553Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-8775",
"initial_release_date": "2024-09-01T07:00:00.000Z",
"revision_history": [
{
"date": "2025-07-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T14:28:31.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 ansible 2.17.11-1",
"product": {
"name": "\u003cazl3 ansible 2.17.11-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 ansible 2.17.11-1",
"product": {
"name": "azl3 ansible 2.17.11-1",
"product_id": "19586"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 ansible 2.17.0-1",
"product": {
"name": "\u003cazl3 ansible 2.17.0-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 ansible 2.17.0-1",
"product": {
"name": "azl3 ansible 2.17.0-1",
"product_id": "17822"
}
},
{
"category": "product_version_range",
"name": "cbl2 ansible 2.14.18-1",
"product": {
"name": "cbl2 ansible 2.14.18-1",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "cbl2 ansible 2.14.18-1",
"product": {
"name": "cbl2 ansible 2.14.18-1",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "ansible"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 ansible 2.17.11-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 ansible 2.17.11-1 as a component of Azure Linux 3.0",
"product_id": "19586-17084"
},
"product_reference": "19586",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 ansible 2.17.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 ansible 2.17.0-1 as a component of Azure Linux 3.0",
"product_id": "17822-17084"
},
"product_reference": "17822",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 ansible 2.14.18-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 ansible 2.14.18-1 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8775",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19586-17084",
"17822-17084"
],
"known_affected": [
"17084-2",
"17084-4",
"17086-1",
"17086-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8775 Ansible-core: exposure of sensitive information in ansible vault files due to improper logging - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-8775.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-07-11T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-1"
]
},
{
"category": "none_available",
"date": "2025-07-11T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-3"
]
},
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "2.17.11-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2",
"17084-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17084-2",
"17084-4",
"17086-1",
"17086-3"
]
}
],
"title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging"
}
]
}
OPENSUSE-SU-2024:14498-1
Vulnerability from csaf_opensuse - Published: 2024-11-15 00:00 - Updated: 2024-11-15 00:00Summary
ansible-core-2.17.6-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ansible-core-2.17.6-1.1 on GA media
Description of the patch: These are all security issues fixed in the ansible-core-2.17.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14498
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2024-8775/ | self |
| https://www.suse.com/security/cve/CVE-2024-9902/ | self |
| https://www.suse.com/security/cve/CVE-2024-8775 | external |
| https://bugzilla.suse.com/1230601 | external |
| https://www.suse.com/security/cve/CVE-2024-9902 | external |
| https://bugzilla.suse.com/1233000 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-core-2.17.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-core-2.17.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14498",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14498-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9902/"
}
],
"title": "ansible-core-2.17.6-1.1 on GA media",
"tracking": {
"current_release_date": "2024-11-15T00:00:00Z",
"generator": {
"date": "2024-11-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14498-1",
"initial_release_date": "2024-11-15T00:00:00Z",
"revision_history": [
{
"date": "2024-11-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17.6-1.1.aarch64",
"product": {
"name": "ansible-core-2.17.6-1.1.aarch64",
"product_id": "ansible-core-2.17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17.6-1.1.aarch64",
"product": {
"name": "ansible-test-2.17.6-1.1.aarch64",
"product_id": "ansible-test-2.17.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17.6-1.1.ppc64le",
"product": {
"name": "ansible-core-2.17.6-1.1.ppc64le",
"product_id": "ansible-core-2.17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17.6-1.1.ppc64le",
"product": {
"name": "ansible-test-2.17.6-1.1.ppc64le",
"product_id": "ansible-test-2.17.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17.6-1.1.s390x",
"product": {
"name": "ansible-core-2.17.6-1.1.s390x",
"product_id": "ansible-core-2.17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17.6-1.1.s390x",
"product": {
"name": "ansible-test-2.17.6-1.1.s390x",
"product_id": "ansible-test-2.17.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17.6-1.1.x86_64",
"product": {
"name": "ansible-core-2.17.6-1.1.x86_64",
"product_id": "ansible-core-2.17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17.6-1.1.x86_64",
"product": {
"name": "ansible-test-2.17.6-1.1.x86_64",
"product_id": "ansible-test-2.17.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64"
},
"product_reference": "ansible-core-2.17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le"
},
"product_reference": "ansible-core-2.17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x"
},
"product_reference": "ansible-core-2.17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64"
},
"product_reference": "ansible-core-2.17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64"
},
"product_reference": "ansible-test-2.17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le"
},
"product_reference": "ansible-test-2.17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x"
},
"product_reference": "ansible-test-2.17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
},
"product_reference": "ansible-test-2.17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8775"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8775",
"url": "https://www.suse.com/security/cve/CVE-2024-8775"
},
{
"category": "external",
"summary": "SUSE Bug 1230601 for CVE-2024-8775",
"url": "https://bugzilla.suse.com/1230601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-8775"
},
{
"cve": "CVE-2024-9902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9902"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9902",
"url": "https://www.suse.com/security/cve/CVE-2024-9902"
},
{
"category": "external",
"summary": "SUSE Bug 1233000 for CVE-2024-9902",
"url": "https://bugzilla.suse.com/1233000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-9902"
}
]
}
OPENSUSE-SU-2024:14499-1
Vulnerability from csaf_opensuse - Published: 2024-11-15 00:00 - Updated: 2024-11-15 00:00Summary
ansible-core-2.16-2.16.13-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ansible-core-2.16-2.16.13-1.1 on GA media
Description of the patch: These are all security issues fixed in the ansible-core-2.16-2.16.13-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14499
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://www.suse.com/security/cve/CVE-2024-8775/ | self |
| https://www.suse.com/security/cve/CVE-2024-9902/ | self |
| https://www.suse.com/security/cve/CVE-2024-8775 | external |
| https://bugzilla.suse.com/1230601 | external |
| https://www.suse.com/security/cve/CVE-2024-9902 | external |
| https://bugzilla.suse.com/1233000 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-core-2.16-2.16.13-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-core-2.16-2.16.13-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14499",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14499-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14499-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XTBTIR7I4SBPWDHPDYOHZRKGP6BL5NCR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14499-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XTBTIR7I4SBPWDHPDYOHZRKGP6BL5NCR/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9902/"
}
],
"title": "ansible-core-2.16-2.16.13-1.1 on GA media",
"tracking": {
"current_release_date": "2024-11-15T00:00:00Z",
"generator": {
"date": "2024-11-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14499-1",
"initial_release_date": "2024-11-15T00:00:00Z",
"revision_history": [
{
"date": "2024-11-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.16-2.16.13-1.1.aarch64",
"product": {
"name": "ansible-core-2.16-2.16.13-1.1.aarch64",
"product_id": "ansible-core-2.16-2.16.13-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.16-2.16.13-1.1.aarch64",
"product": {
"name": "ansible-test-2.16-2.16.13-1.1.aarch64",
"product_id": "ansible-test-2.16-2.16.13-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.16-2.16.13-1.1.ppc64le",
"product": {
"name": "ansible-core-2.16-2.16.13-1.1.ppc64le",
"product_id": "ansible-core-2.16-2.16.13-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-test-2.16-2.16.13-1.1.ppc64le",
"product": {
"name": "ansible-test-2.16-2.16.13-1.1.ppc64le",
"product_id": "ansible-test-2.16-2.16.13-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.16-2.16.13-1.1.s390x",
"product": {
"name": "ansible-core-2.16-2.16.13-1.1.s390x",
"product_id": "ansible-core-2.16-2.16.13-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ansible-test-2.16-2.16.13-1.1.s390x",
"product": {
"name": "ansible-test-2.16-2.16.13-1.1.s390x",
"product_id": "ansible-test-2.16-2.16.13-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.16-2.16.13-1.1.x86_64",
"product": {
"name": "ansible-core-2.16-2.16.13-1.1.x86_64",
"product_id": "ansible-core-2.16-2.16.13-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.16-2.16.13-1.1.x86_64",
"product": {
"name": "ansible-test-2.16-2.16.13-1.1.x86_64",
"product_id": "ansible-test-2.16-2.16.13-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.16-2.16.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64"
},
"product_reference": "ansible-core-2.16-2.16.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.16-2.16.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le"
},
"product_reference": "ansible-core-2.16-2.16.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.16-2.16.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x"
},
"product_reference": "ansible-core-2.16-2.16.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.16-2.16.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64"
},
"product_reference": "ansible-core-2.16-2.16.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.16-2.16.13-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64"
},
"product_reference": "ansible-test-2.16-2.16.13-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.16-2.16.13-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le"
},
"product_reference": "ansible-test-2.16-2.16.13-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.16-2.16.13-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x"
},
"product_reference": "ansible-test-2.16-2.16.13-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.16-2.16.13-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
},
"product_reference": "ansible-test-2.16-2.16.13-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8775"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8775",
"url": "https://www.suse.com/security/cve/CVE-2024-8775"
},
{
"category": "external",
"summary": "SUSE Bug 1230601 for CVE-2024-8775",
"url": "https://bugzilla.suse.com/1230601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-8775"
},
{
"cve": "CVE-2024-9902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9902"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9902",
"url": "https://www.suse.com/security/cve/CVE-2024-9902"
},
{
"category": "external",
"summary": "SUSE Bug 1233000 for CVE-2024-9902",
"url": "https://bugzilla.suse.com/1233000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.16-2.16.13-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.16-2.16.13-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-9902"
}
]
}
OPENSUSE-SU-2024:14537-1
Vulnerability from csaf_opensuse - Published: 2024-12-02 00:00 - Updated: 2024-12-02 00:00Summary
ansible-core-2.17-2.17.6-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ansible-core-2.17-2.17.6-1.1 on GA media
Description of the patch: These are all security issues fixed in the ansible-core-2.17-2.17.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14537
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://www.suse.com/security/cve/CVE-2023-5115/ | self |
| https://www.suse.com/security/cve/CVE-2023-5764/ | self |
| https://www.suse.com/security/cve/CVE-2024-0690/ | self |
| https://www.suse.com/security/cve/CVE-2024-8775/ | self |
| https://www.suse.com/security/cve/CVE-2024-9902/ | self |
| https://www.suse.com/security/cve/CVE-2023-5115 | external |
| https://bugzilla.suse.com/1215606 | external |
| https://www.suse.com/security/cve/CVE-2023-5764 | external |
| https://bugzilla.suse.com/1216854 | external |
| https://www.suse.com/security/cve/CVE-2024-0690 | external |
| https://bugzilla.suse.com/1219002 | external |
| https://www.suse.com/security/cve/CVE-2024-8775 | external |
| https://bugzilla.suse.com/1230601 | external |
| https://www.suse.com/security/cve/CVE-2024-9902 | external |
| https://bugzilla.suse.com/1233000 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-core-2.17-2.17.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-core-2.17-2.17.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14537",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14537-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14537-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2Y6RFLPB54N7XR7AP7A2DEXGLBEDEQJU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14537-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2Y6RFLPB54N7XR7AP7A2DEXGLBEDEQJU/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5764 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0690 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9902/"
}
],
"title": "ansible-core-2.17-2.17.6-1.1 on GA media",
"tracking": {
"current_release_date": "2024-12-02T00:00:00Z",
"generator": {
"date": "2024-12-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14537-1",
"initial_release_date": "2024-12-02T00:00:00Z",
"revision_history": [
{
"date": "2024-12-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17-2.17.6-1.1.aarch64",
"product": {
"name": "ansible-core-2.17-2.17.6-1.1.aarch64",
"product_id": "ansible-core-2.17-2.17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17-2.17.6-1.1.aarch64",
"product": {
"name": "ansible-test-2.17-2.17.6-1.1.aarch64",
"product_id": "ansible-test-2.17-2.17.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17-2.17.6-1.1.ppc64le",
"product": {
"name": "ansible-core-2.17-2.17.6-1.1.ppc64le",
"product_id": "ansible-core-2.17-2.17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17-2.17.6-1.1.ppc64le",
"product": {
"name": "ansible-test-2.17-2.17.6-1.1.ppc64le",
"product_id": "ansible-test-2.17-2.17.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17-2.17.6-1.1.s390x",
"product": {
"name": "ansible-core-2.17-2.17.6-1.1.s390x",
"product_id": "ansible-core-2.17-2.17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17-2.17.6-1.1.s390x",
"product": {
"name": "ansible-test-2.17-2.17.6-1.1.s390x",
"product_id": "ansible-test-2.17-2.17.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.17-2.17.6-1.1.x86_64",
"product": {
"name": "ansible-core-2.17-2.17.6-1.1.x86_64",
"product_id": "ansible-core-2.17-2.17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.17-2.17.6-1.1.x86_64",
"product": {
"name": "ansible-test-2.17-2.17.6-1.1.x86_64",
"product_id": "ansible-test-2.17-2.17.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17-2.17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64"
},
"product_reference": "ansible-core-2.17-2.17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17-2.17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le"
},
"product_reference": "ansible-core-2.17-2.17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17-2.17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x"
},
"product_reference": "ansible-core-2.17-2.17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.17-2.17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64"
},
"product_reference": "ansible-core-2.17-2.17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17-2.17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64"
},
"product_reference": "ansible-test-2.17-2.17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17-2.17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le"
},
"product_reference": "ansible-test-2.17-2.17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17-2.17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x"
},
"product_reference": "ansible-test-2.17-2.17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.17-2.17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
},
"product_reference": "ansible-test-2.17-2.17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5115"
}
],
"notes": [
{
"category": "general",
"text": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5115",
"url": "https://www.suse.com/security/cve/CVE-2023-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1215606 for CVE-2023-5115",
"url": "https://bugzilla.suse.com/1215606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5115"
},
{
"cve": "CVE-2023-5764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5764"
}
],
"notes": [
{
"category": "general",
"text": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5764",
"url": "https://www.suse.com/security/cve/CVE-2023-5764"
},
{
"category": "external",
"summary": "SUSE Bug 1216854 for CVE-2023-5764",
"url": "https://bugzilla.suse.com/1216854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5764"
},
{
"cve": "CVE-2024-0690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0690"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0690",
"url": "https://www.suse.com/security/cve/CVE-2024-0690"
},
{
"category": "external",
"summary": "SUSE Bug 1219002 for CVE-2024-0690",
"url": "https://bugzilla.suse.com/1219002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-0690"
},
{
"cve": "CVE-2024-8775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8775"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8775",
"url": "https://www.suse.com/security/cve/CVE-2024-8775"
},
{
"category": "external",
"summary": "SUSE Bug 1230601 for CVE-2024-8775",
"url": "https://bugzilla.suse.com/1230601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-8775"
},
{
"cve": "CVE-2024-9902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9902"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9902",
"url": "https://www.suse.com/security/cve/CVE-2024-9902"
},
{
"category": "external",
"summary": "SUSE Bug 1233000 for CVE-2024-9902",
"url": "https://bugzilla.suse.com/1233000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.17-2.17.6-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.17-2.17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-02T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-9902"
}
]
}
OPENSUSE-SU-2025:15638-1
Vulnerability from csaf_opensuse - Published: 2025-10-16 00:00 - Updated: 2025-10-16 00:00Summary
ansible-core-2.18-2.18.10-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: ansible-core-2.18-2.18.10-2.1 on GA media
Description of the patch: These are all security issues fixed in the ansible-core-2.18-2.18.10-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15638
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-5115/ | self |
| https://www.suse.com/security/cve/CVE-2023-5764/ | self |
| https://www.suse.com/security/cve/CVE-2024-0690/ | self |
| https://www.suse.com/security/cve/CVE-2024-11079/ | self |
| https://www.suse.com/security/cve/CVE-2024-8775/ | self |
| https://www.suse.com/security/cve/CVE-2024-9902/ | self |
| https://www.suse.com/security/cve/CVE-2023-5115 | external |
| https://bugzilla.suse.com/1215606 | external |
| https://www.suse.com/security/cve/CVE-2023-5764 | external |
| https://bugzilla.suse.com/1216854 | external |
| https://www.suse.com/security/cve/CVE-2024-0690 | external |
| https://bugzilla.suse.com/1219002 | external |
| https://www.suse.com/security/cve/CVE-2024-11079 | external |
| https://bugzilla.suse.com/1233276 | external |
| https://www.suse.com/security/cve/CVE-2024-8775 | external |
| https://bugzilla.suse.com/1230601 | external |
| https://www.suse.com/security/cve/CVE-2024-9902 | external |
| https://bugzilla.suse.com/1233000 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-core-2.18-2.18.10-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-core-2.18-2.18.10-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15638",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15638-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5764 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0690 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9902/"
}
],
"title": "ansible-core-2.18-2.18.10-2.1 on GA media",
"tracking": {
"current_release_date": "2025-10-16T00:00:00Z",
"generator": {
"date": "2025-10-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15638-1",
"initial_release_date": "2025-10-16T00:00:00Z",
"revision_history": [
{
"date": "2025-10-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.18-2.18.10-2.1.aarch64",
"product": {
"name": "ansible-core-2.18-2.18.10-2.1.aarch64",
"product_id": "ansible-core-2.18-2.18.10-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.18-2.18.10-2.1.aarch64",
"product": {
"name": "ansible-test-2.18-2.18.10-2.1.aarch64",
"product_id": "ansible-test-2.18-2.18.10-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.18-2.18.10-2.1.ppc64le",
"product": {
"name": "ansible-core-2.18-2.18.10-2.1.ppc64le",
"product_id": "ansible-core-2.18-2.18.10-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-test-2.18-2.18.10-2.1.ppc64le",
"product": {
"name": "ansible-test-2.18-2.18.10-2.1.ppc64le",
"product_id": "ansible-test-2.18-2.18.10-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.18-2.18.10-2.1.s390x",
"product": {
"name": "ansible-core-2.18-2.18.10-2.1.s390x",
"product_id": "ansible-core-2.18-2.18.10-2.1.s390x"
}
},
{
"category": "product_version",
"name": "ansible-test-2.18-2.18.10-2.1.s390x",
"product": {
"name": "ansible-test-2.18-2.18.10-2.1.s390x",
"product_id": "ansible-test-2.18-2.18.10-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.18-2.18.10-2.1.x86_64",
"product": {
"name": "ansible-core-2.18-2.18.10-2.1.x86_64",
"product_id": "ansible-core-2.18-2.18.10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.18-2.18.10-2.1.x86_64",
"product": {
"name": "ansible-test-2.18-2.18.10-2.1.x86_64",
"product_id": "ansible-test-2.18-2.18.10-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.18-2.18.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64"
},
"product_reference": "ansible-core-2.18-2.18.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.18-2.18.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le"
},
"product_reference": "ansible-core-2.18-2.18.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.18-2.18.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x"
},
"product_reference": "ansible-core-2.18-2.18.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.18-2.18.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64"
},
"product_reference": "ansible-core-2.18-2.18.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.18-2.18.10-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64"
},
"product_reference": "ansible-test-2.18-2.18.10-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.18-2.18.10-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le"
},
"product_reference": "ansible-test-2.18-2.18.10-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.18-2.18.10-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x"
},
"product_reference": "ansible-test-2.18-2.18.10-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.18-2.18.10-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
},
"product_reference": "ansible-test-2.18-2.18.10-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5115"
}
],
"notes": [
{
"category": "general",
"text": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5115",
"url": "https://www.suse.com/security/cve/CVE-2023-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1215606 for CVE-2023-5115",
"url": "https://bugzilla.suse.com/1215606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5115"
},
{
"cve": "CVE-2023-5764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5764"
}
],
"notes": [
{
"category": "general",
"text": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5764",
"url": "https://www.suse.com/security/cve/CVE-2023-5764"
},
{
"category": "external",
"summary": "SUSE Bug 1216854 for CVE-2023-5764",
"url": "https://bugzilla.suse.com/1216854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5764"
},
{
"cve": "CVE-2024-0690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0690"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0690",
"url": "https://www.suse.com/security/cve/CVE-2024-0690"
},
{
"category": "external",
"summary": "SUSE Bug 1219002 for CVE-2024-0690",
"url": "https://bugzilla.suse.com/1219002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-0690"
},
{
"cve": "CVE-2024-11079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11079"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11079",
"url": "https://www.suse.com/security/cve/CVE-2024-11079"
},
{
"category": "external",
"summary": "SUSE Bug 1233276 for CVE-2024-11079",
"url": "https://bugzilla.suse.com/1233276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-11079"
},
{
"cve": "CVE-2024-8775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8775"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8775",
"url": "https://www.suse.com/security/cve/CVE-2024-8775"
},
{
"category": "external",
"summary": "SUSE Bug 1230601 for CVE-2024-8775",
"url": "https://bugzilla.suse.com/1230601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-8775"
},
{
"cve": "CVE-2024-9902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9902"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9902",
"url": "https://www.suse.com/security/cve/CVE-2024-9902"
},
{
"category": "external",
"summary": "SUSE Bug 1233000 for CVE-2024-9902",
"url": "https://bugzilla.suse.com/1233000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.18-2.18.10-2.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.18-2.18.10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-9902"
}
]
}
OPENSUSE-SU-2025:15754-1
Vulnerability from csaf_opensuse - Published: 2025-11-21 00:00 - Updated: 2025-11-21 00:00Summary
ansible-core-2.19-2.19.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ansible-core-2.19-2.19.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the ansible-core-2.19-2.19.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15754
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-5115/ | self |
| https://www.suse.com/security/cve/CVE-2023-5764/ | self |
| https://www.suse.com/security/cve/CVE-2024-0690/ | self |
| https://www.suse.com/security/cve/CVE-2024-11079/ | self |
| https://www.suse.com/security/cve/CVE-2024-8775/ | self |
| https://www.suse.com/security/cve/CVE-2024-9902/ | self |
| https://www.suse.com/security/cve/CVE-2023-5115 | external |
| https://bugzilla.suse.com/1215606 | external |
| https://www.suse.com/security/cve/CVE-2023-5764 | external |
| https://bugzilla.suse.com/1216854 | external |
| https://www.suse.com/security/cve/CVE-2024-0690 | external |
| https://bugzilla.suse.com/1219002 | external |
| https://www.suse.com/security/cve/CVE-2024-11079 | external |
| https://bugzilla.suse.com/1233276 | external |
| https://www.suse.com/security/cve/CVE-2024-8775 | external |
| https://bugzilla.suse.com/1230601 | external |
| https://www.suse.com/security/cve/CVE-2024-9902 | external |
| https://bugzilla.suse.com/1233000 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ansible-core-2.19-2.19.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ansible-core-2.19-2.19.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15754",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15754-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5764 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0690 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9902 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9902/"
}
],
"title": "ansible-core-2.19-2.19.4-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-21T00:00:00Z",
"generator": {
"date": "2025-11-21T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15754-1",
"initial_release_date": "2025-11-21T00:00:00Z",
"revision_history": [
{
"date": "2025-11-21T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.19-2.19.4-1.1.aarch64",
"product": {
"name": "ansible-core-2.19-2.19.4-1.1.aarch64",
"product_id": "ansible-core-2.19-2.19.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.19-2.19.4-1.1.aarch64",
"product": {
"name": "ansible-test-2.19-2.19.4-1.1.aarch64",
"product_id": "ansible-test-2.19-2.19.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.19-2.19.4-1.1.ppc64le",
"product": {
"name": "ansible-core-2.19-2.19.4-1.1.ppc64le",
"product_id": "ansible-core-2.19-2.19.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ansible-test-2.19-2.19.4-1.1.ppc64le",
"product": {
"name": "ansible-test-2.19-2.19.4-1.1.ppc64le",
"product_id": "ansible-test-2.19-2.19.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.19-2.19.4-1.1.s390x",
"product": {
"name": "ansible-core-2.19-2.19.4-1.1.s390x",
"product_id": "ansible-core-2.19-2.19.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ansible-test-2.19-2.19.4-1.1.s390x",
"product": {
"name": "ansible-test-2.19-2.19.4-1.1.s390x",
"product_id": "ansible-test-2.19-2.19.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ansible-core-2.19-2.19.4-1.1.x86_64",
"product": {
"name": "ansible-core-2.19-2.19.4-1.1.x86_64",
"product_id": "ansible-core-2.19-2.19.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ansible-test-2.19-2.19.4-1.1.x86_64",
"product": {
"name": "ansible-test-2.19-2.19.4-1.1.x86_64",
"product_id": "ansible-test-2.19-2.19.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.19-2.19.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64"
},
"product_reference": "ansible-core-2.19-2.19.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.19-2.19.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le"
},
"product_reference": "ansible-core-2.19-2.19.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.19-2.19.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x"
},
"product_reference": "ansible-core-2.19-2.19.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2.19-2.19.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64"
},
"product_reference": "ansible-core-2.19-2.19.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.19-2.19.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64"
},
"product_reference": "ansible-test-2.19-2.19.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.19-2.19.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le"
},
"product_reference": "ansible-test-2.19-2.19.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.19-2.19.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x"
},
"product_reference": "ansible-test-2.19-2.19.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-2.19-2.19.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
},
"product_reference": "ansible-test-2.19-2.19.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5115"
}
],
"notes": [
{
"category": "general",
"text": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5115",
"url": "https://www.suse.com/security/cve/CVE-2023-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1215606 for CVE-2023-5115",
"url": "https://bugzilla.suse.com/1215606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5115"
},
{
"cve": "CVE-2023-5764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5764"
}
],
"notes": [
{
"category": "general",
"text": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5764",
"url": "https://www.suse.com/security/cve/CVE-2023-5764"
},
{
"category": "external",
"summary": "SUSE Bug 1216854 for CVE-2023-5764",
"url": "https://bugzilla.suse.com/1216854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-5764"
},
{
"cve": "CVE-2024-0690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0690"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0690",
"url": "https://www.suse.com/security/cve/CVE-2024-0690"
},
{
"category": "external",
"summary": "SUSE Bug 1219002 for CVE-2024-0690",
"url": "https://bugzilla.suse.com/1219002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-0690"
},
{
"cve": "CVE-2024-11079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11079"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11079",
"url": "https://www.suse.com/security/cve/CVE-2024-11079"
},
{
"category": "external",
"summary": "SUSE Bug 1233276 for CVE-2024-11079",
"url": "https://bugzilla.suse.com/1233276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-11079"
},
{
"cve": "CVE-2024-8775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8775"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8775",
"url": "https://www.suse.com/security/cve/CVE-2024-8775"
},
{
"category": "external",
"summary": "SUSE Bug 1230601 for CVE-2024-8775",
"url": "https://bugzilla.suse.com/1230601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-8775"
},
{
"cve": "CVE-2024-9902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9902"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9902",
"url": "https://www.suse.com/security/cve/CVE-2024-9902"
},
{
"category": "external",
"summary": "SUSE Bug 1233000 for CVE-2024-9902",
"url": "https://bugzilla.suse.com/1233000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-core-2.19-2.19.4-1.1.x86_64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.aarch64",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.ppc64le",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.s390x",
"openSUSE Tumbleweed:ansible-test-2.19-2.19.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-9902"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…