CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846	Issue Tracking Vendor Advisory
https://github.com/ansible/ansible/pull/63366	Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3207	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3201	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3202	Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:3203	Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0756	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html	Mailing List Third Party Advisory
https://www.debian.org/security/2021/dsa-4950	Third Party Advisory

Configuration 1

cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

---

Published : 2019-10-08 07:15

Updated : 2022-04-22 07:56

---

NVD link : CVE-2019-14846

Mitre link : CVE-2019-14846

Ansible Engine

Redhat

CWE-117

Improper Output Neutralization for Logs

CWE-532

Insertion of Sensitive Information into Log File