VYPR
Medium severity5.5GHSA Advisory· Published Sep 14, 2024· Updated Apr 15, 2026

CVE-2024-8775

CVE-2024-8775

Description

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ansible-corePyPI
>= 2.17.0b1, < 2.17.62.17.6
ansible-corePyPI
< 2.16.132.16.13

Affected products

15

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.