CVE-2019-14846 vulnerability in OpenSuse and Other Products
Published on October 8, 2019
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Weakness Types
Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2019-14846
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-14846 are published in these products:
Affected Versions
Red Hat Ansible Version all ansible_engine-2.x and ansible_engine-3.x up to ansible_engine-3.5 is affected by CVE-2019-14846Exploit Probability
EPSS
0.15%
Percentile
35.77%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.