Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Ansible Automation Platform Execution Environments by Red Hat

    CVE-2024-11079 (GCVE-0-2024-11079)

    Vulnerability from nvd – Published: 2024-11-11 23:32 – Updated: 2026-06-29 23:43
    VLAI
    Title
    Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
    Summary
    A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 2.18.0 (semver)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 1.2.0-93 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-108 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-34 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.12.10-56 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.15.13-4 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.14-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.14-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI)     cpe:/a:redhat:enterprise_linux_ai:1
    Create a notification for this product.
    Date Public
    2024-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:41:52.352926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:42:14.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-18T01:33:55.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2.0-93",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-108",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-34",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.12.10-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.13-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.14-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.14-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-azure-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T23:43:22.569Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10770",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10770"
            },
            {
              "name": "RHSA-2024:11145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:11145"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-11079"
            },
            {
              "name": "RHBZ#2325171",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325171"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-11T11:43:42.603Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: unsafe tagging bypass via hostvars object in ansible-core",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, avoid using the hostvars object to reference content marked as !unsafe. Ensure that all remote data from modules or lookups is properly sanitized and validated before use in playbooks. Additionally, restrict access to inventory files and Ansible playbooks to trusted users to minimize exploitation risks."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-11079",
        "datePublished": "2024-11-11T23:32:55.539Z",
        "dateReserved": "2024-11-11T11:57:21.806Z",
        "dateUpdated": "2026-06-29T23:43:22.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9902 (GCVE-0-2024-9902)

    Vulnerability from nvd – Published: 2024-11-06 09:56 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: ansible-core user may read/write unauthorized content
    Summary
    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.14.18rc1 (custom)
    Affected: 2.15.0b1 , < 2.15.13rc1 (custom)
    Affected: 2.16.0b1 , < 2.16.13rc1 (custom)
    Affected: 2.17.0b1 , < 2.17.6rc1 (custom)
    Affected: 2.18.0b1 , < 2.18.0rc2 (custom)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:2.14.2-4.6.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Date Public
    2024-11-06 06:11
    Credits
    Red Hat would like to thank Matt Clay for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:20:56.915379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:21:06.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:34.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThan": "2.14.18rc1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.15.13rc1",
                  "status": "affected",
                  "version": "2.15.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.16.13rc1",
                  "status": "affected",
                  "version": "2.16.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.17.6rc1",
                  "status": "affected",
                  "version": "2.17.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.18.0rc2",
                  "status": "affected",
                  "version": "2.18.0b1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-ansible-core",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.2-4.6.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Matt Clay for reporting this issue."
            }
          ],
          "datePublic": "2024-11-06T06:11:25.611Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:23.106Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1861"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-9902"
            },
            {
              "name": "RHBZ#2318271",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-12T02:41:32.581Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-06T06:11:25.611Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: ansible-core user may read/write unauthorized content",
          "workarounds": [
            {
              "lang": "en",
              "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"
            }
          ],
          "x_redhatCweChain": "CWE-863: Incorrect Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-9902",
        "datePublished": "2024-11-06T09:56:54.505Z",
        "dateReserved": "2024-10-12T02:46:57.580Z",
        "dateUpdated": "2025-11-06T23:17:23.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8775 (GCVE-0-2024-8775)

    Vulnerability from nvd – Published: 2024-09-14 02:15 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
    Summary
    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 1.0.0 , ≤ 2.17.4 (semver)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Discovery 1 for RHEL 9 Unaffected: 1.12.0-1 , < * (rpm)
        cpe:/o:redhat:discovery:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI)     cpe:/a:redhat:enterprise_linux_ai:1
    Create a notification for this product.
    Date Public
    2024-09-13 08:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:21:23.423396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T14:29:01.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:00.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.4",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-13T08:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:04.821Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1249",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1249"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8775"
            },
            {
              "name": "RHBZ#2312119",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
            },
            {
              "url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-13T08:31:27.781Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-13T08:35:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8775",
        "datePublished": "2024-09-14T02:15:14.907Z",
        "dateReserved": "2024-09-13T09:06:07.367Z",
        "dateUpdated": "2025-11-06T23:17:04.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11079 (GCVE-0-2024-11079)

    Vulnerability from cvelistv5 – Published: 2024-11-11 23:32 – Updated: 2026-06-29 23:43
    VLAI
    Title
    Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
    Summary
    A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 2.18.0 (semver)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 1.2.0-93 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-108 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-34 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.12.10-56 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.15.13-4 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.14-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.14-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI)     cpe:/a:redhat:enterprise_linux_ai:1
    Create a notification for this product.
    Date Public
    2024-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T14:41:52.352926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T14:42:14.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-18T01:33:55.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/03/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.2.0-93",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-108",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-34",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.12.10-56",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.15.13-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.14-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.14-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-azure-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T23:43:22.569Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10770",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10770"
            },
            {
              "name": "RHSA-2024:11145",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:11145"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-11079"
            },
            {
              "name": "RHBZ#2325171",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325171"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-11T11:43:42.603Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-11T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: unsafe tagging bypass via hostvars object in ansible-core",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, avoid using the hostvars object to reference content marked as !unsafe. Ensure that all remote data from modules or lookups is properly sanitized and validated before use in playbooks. Additionally, restrict access to inventory files and Ansible playbooks to trusted users to minimize exploitation risks."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-11079",
        "datePublished": "2024-11-11T23:32:55.539Z",
        "dateReserved": "2024-11-11T11:57:21.806Z",
        "dateUpdated": "2026-06-29T23:43:22.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9902 (GCVE-0-2024-9902)

    Vulnerability from cvelistv5 – Published: 2024-11-06 09:56 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: ansible-core user may read/write unauthorized content
    Summary
    A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.14.18rc1 (custom)
    Affected: 2.15.0b1 , < 2.15.13rc1 (custom)
    Affected: 2.16.0b1 , < 2.16.13rc1 (custom)
    Affected: 2.17.0b1 , < 2.17.6rc1 (custom)
    Affected: 2.18.0b1 , < 2.18.0rc2 (custom)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el9
        cpe:/a:redhat:ansible_core:2::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1 for RHEL 9 Unaffected: 0:2.14.2-4.6.el9ost , < * (rpm)
        cpe:/a:redhat:openstack:17.1::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Date Public
    2024-11-06 06:11
    Credits
    Red Hat would like to thank Matt Clay for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:20:56.915379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:21:06.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:34.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThan": "2.14.18rc1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.15.13rc1",
                  "status": "affected",
                  "version": "2.15.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.16.13rc1",
                  "status": "affected",
                  "version": "2.16.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.17.6rc1",
                  "status": "affected",
                  "version": "2.17.0b1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.18.0rc2",
                  "status": "affected",
                  "version": "2.18.0b1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el9",
                "cpe:/a:redhat:ansible_core:2::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-ansible-core",
              "product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.2-4.6.el9ost",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Matt Clay for reporting this issue."
            }
          ],
          "datePublic": "2024-11-06T06:11:25.611Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user\u0027s home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:23.106Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1861",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1861"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-9902"
            },
            {
              "name": "RHBZ#2318271",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318271"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-12T02:41:32.581Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-11-06T06:11:25.611Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: ansible-core user may read/write unauthorized content",
          "workarounds": [
            {
              "lang": "en",
              "value": "In the play that uses the user module with the key generation option,\nhave a prior task ensuring the public key does not exist for example:\n\n- name: avoid user exploit (change name depending on other options\nused in user task)\nfile: path=/home/{{username}}/.ssh/id_rsa.pub state=absent"
            }
          ],
          "x_redhatCweChain": "CWE-863: Incorrect Authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-9902",
        "datePublished": "2024-11-06T09:56:54.505Z",
        "dateReserved": "2024-10-12T02:46:57.580Z",
        "dateUpdated": "2025-11-06T23:17:23.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8775 (GCVE-0-2024-8775)

    Vulnerability from cvelistv5 – Published: 2024-09-14 02:15 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
    Summary
    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 1.0.0 , ≤ 2.17.4 (semver)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Discovery 1 for RHEL 9 Unaffected: 1.12.0-1 , < * (rpm)
        cpe:/o:redhat:discovery:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI)     cpe:/a:redhat:enterprise_linux_ai:1
    Create a notification for this product.
    Date Public
    2024-09-13 08:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:21:23.423396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T14:29:01.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:00.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.4",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-13T08:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:04.821Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1249",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1249"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8775"
            },
            {
              "name": "RHBZ#2312119",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
            },
            {
              "url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-13T08:31:27.781Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-13T08:35:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8775",
        "datePublished": "2024-09-14T02:15:14.907Z",
        "dateReserved": "2024-09-13T09:06:07.367Z",
        "dateUpdated": "2025-11-06T23:17:04.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }