CVE-2019-10217 is a vulnerability in Red Hat Ansible
Published on November 25, 2019
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2019-10217 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2019-10217
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10217 are published in Red Hat Ansible:
Affected Versions
Red Hat Ansible Version ansible 2.8.0 before 2.8.4 is affected by CVE-2019-10217Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.