Exploit
CVE-2019-14864

Insertion of Sensitive Information into Log File (CWE-532)

Published: Jan 2, 2020 / Updated: 40mo ago

CVSS 6.5 / EPSS 0.21% / Medium

Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. As a result, any sensitive data in those results is disclosed to and collected by the collectors.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2019-14864.

Oct 22, 2019 at 1:37 PM / bugzilla.redhat.com

EPSS

EPSS Score was set to: 0.21% (Percentile: 58.5%)

Nov 4, 2023 at 1:53 AM

Affected Systems

Opensuse/leap

Exploits

https://github.com/ansible/ansible/issues/63522

Patches

github.com

Links to MITRE ATT&CK

T1070: Indicator Removal on Host

Attack Patterns

CAPEC-215: Fuzzing for application mapping

References

Debian: ansible

News

redhat_unpatched ansible: ansible: Unpatched vulnerabilities
Development Last Updated: 5/11/2024 CVEs: CVE-2018-16837, CVE-2019-10156, CVE-2016-9587, CVE-2017-7550, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875, CVE-2016-8647, CVE-2018-16876, CVE-2018-16859, CVE-2017-7473, CVE-2019-14904, CVE-2019-14905, CVE-2020-14330, CVE-2020-14332, CVE-2020-14365, CVE-2021-20178, CVE-2021-20191, CVE-2021-20228, CVE-2019-3828, CVE-2019-10206, CVE-2019-14858, CVE-2019-14846, CVE-2019-14856, CVE-2019-14864, CVE-2020-1734, CVE-2020-1737, CVE-2020-1733, CVE-2020-1739, CVE-2020-1753, CVE-2020-1735, CVE-2020-1740, CVE-2020-1736, CVE-2020-1738, CVE-2020-10684, CVE-2020-10685, CVE-2020-1746, CVE-2020-10744, CVE-2021-3447, CVE-2021-3532, CVE-2021-3620, CVE-2021-4041, CVE-2023-5115
CVE-2019-14864 | Red Hat Ansible up to 2.7.14/2.8.6/2.9.0 Callback Plugin Log neutralization for logs
A vulnerability classified as problematic has been found in Red Hat Ansible up to 2.7.14/2.8.6/2.9.0. This affects an unknown part of the component Callback Plugin Handler. The manipulation leads to improper output neutralization for logs (Log). This vulnerability is uniquely identified as CVE-2019-14864. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
Security Bulletin 27 Apr 2022
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, ... CVE-2022-24500, Windows SMB Remote Code Execution Vulnerability.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
