Medium severity 5.5 · GHSA Advisory · Published Sep 14, 2024 · Updated Apr 15, 2026
CVE-2024-8775
Description
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
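As an added example (not part of the advisory or of Ansible's own code), this Python sketch flags `include_vars` tasks that do not set `no_log: true`, the pattern the description names. It is a heuristic indentation scan for block-style YAML rather than a full YAML parser; the function name and the sample playbook are constructed for illustration.

```python
INCLUDE_VARS = {"include_vars", "ansible.builtin.include_vars"}  # short name and FQCN
# Constructed sample playbook (not taken from the advisory).
SAMPLE = """\
- hosts: all
  tasks:
    - name: Load vaulted vars (unmasked)
      include_vars: secrets.yml
    - name: Load vaulted vars (masked)
      ansible.builtin.include_vars:
        file: secrets.yml
      no_log: true
    - name: Load per-env vars
      ansible.builtin.include_vars: "{{ item }}"
      with_items:
        - vault/db.yml
      no_log: false
"""

def find_unmasked_include_vars(text):
    """Return sorted (line, task name) for include_vars tasks lacking no_log: true."""
    findings, stack = [], []  # stack holds open list items, innermost last
    def close_deeper_than(indent):
        while stack and stack[-1]["indent"] > indent:
            item = stack.pop()  # leaving this item: report it if unmasked
            if item["module"] and not item["no_log"]:
                findings.append((item["line"], item["name"]))
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()  # crude trailing-comment strip
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        close_deeper_than(indent)
        if body == "-" or body.startswith("- "):  # new item: play, task or plain value
            rest = body[1:].lstrip()
            indent, body = indent + len(body) - len(rest), rest  # column of the item's keys
            stack.append({"line": lineno, "indent": indent, "name": "(unnamed)",
                          "module": False, "no_log": False})
        if not stack or stack[-1]["indent"] != indent or ":" not in body:
            continue  # nested module arguments, or keys outside any list item
        key, value = (part.strip().strip("\"'") for part in body.split(":", 1))
        if key == "name":
            stack[-1]["name"] = value
        elif key in INCLUDE_VARS:
            stack[-1]["module"] = True
        elif key == "no_log":
            stack[-1]["no_log"] = value.lower() in ("true", "yes", "on")
    close_deeper_than(-1)  # flush items still open at end of file
    return sorted(findings)
```

A templated `no_log` value is reported as unmasked, since the scan cannot evaluate it.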
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ansible-core (PyPI) | >= 2.17.0b1, < 2.17.6 | 2.17.6 |
| ansible-core (PyPI) | < 2.16.13 | 2.16.13 |
Affected products
- ghsa-coords (14 versions), range: >= 2.17.0b1, < 2.17.6 (+ 13 more)
  - pkg:pypi/ansible-core
  - pkg:rpm/opensuse/ansible-core-2.16&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ansible-core-2.17&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ansible-core-2.18&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ansible-core-2.19&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ansible-core-2.20&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ansible-core&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/ansible&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Proxy%20Module%204.3
  - pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015
  - pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205
  - pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Proxy%20Module%204.3
- (no CPE) range: >= 2.17.0b1, < 2.17.6
- (no CPE) range: < 2.16.13-1.1
- (no CPE) range: < 2.17.6-1.1
- (no CPE) range: < 2.18.10-2.1
- (no CPE) range: < 2.19.4-1.1
- (no CPE) range: < 2.20.6-1.1
- (no CPE) range: < 2.17.6-1.1
- (no CPE) range: < 2.9.27-150000.1.20.1
- (no CPE) range: < 2.9.27-150000.1.20.1
- (no CPE) range: < 2.9.27-150000.1.20.1
- (no CPE) range: < 4.3.22-150000.3.100.1
- (no CPE) range: < 4.3.15-150000.1.30.1
- (no CPE) range: < 4.3.15-150000.1.30.1
- (no CPE) range: < 4.3.15-150000.1.30.1
References
- github.com/advisories/GHSA-jpxc-vmjf-9fcj (nvd, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-8775 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2024:10762 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:8969 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:9894 (nvd, WEB)
- access.redhat.com/errata/RHSA-2025:1249 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2024-8775 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/ansible/ansible/blob/v2.16.13/changelogs/CHANGELOG-v2.16.rst (ghsa, WEB)
- github.com/ansible/ansible/blob/v2.17.6/changelogs/CHANGELOG-v2.17.rst (ghsa, WEB)
- github.com/ansible/ansible/commit/8a87e1c5d37422bc99d27ad4237d185cc233e035 (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2024/11/msg00021.html (nvd, WEB)