Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Discovery 1 for RHEL 9 by Red Hat

    CVE-2024-8775 (GCVE-0-2024-8775)

    Vulnerability from nvd – Published: 2024-09-14 02:15 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
    Summary
    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 1.0.0 , ≤ 2.17.4 (semver)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Discovery 1 for RHEL 9 Unaffected: 1.12.0-1 , < * (rpm)
        cpe:/o:redhat:discovery:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI)     cpe:/a:redhat:enterprise_linux_ai:1
    Create a notification for this product.
    Date Public
    2024-09-13 08:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:21:23.423396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T14:29:01.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:00.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.4",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-13T08:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:04.821Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1249",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1249"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8775"
            },
            {
              "name": "RHBZ#2312119",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
            },
            {
              "url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-13T08:31:27.781Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-13T08:35:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8775",
        "datePublished": "2024-09-14T02:15:14.907Z",
        "dateReserved": "2024-09-13T09:06:07.367Z",
        "dateUpdated": "2025-11-06T23:17:04.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8775 (GCVE-0-2024-8775)

    Vulnerability from cvelistv5 – Published: 2024-09-14 02:15 – Updated: 2025-11-06 23:17
    VLAI
    Title
    Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
    Summary
    A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 1.0.0 , ≤ 2.17.4 (semver)
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-96 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 3.0.1-95 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.9.27-32 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.14.13-21 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Ansible Automation Platform Execution Environments Unaffected: 2.17.6-2 , < * (rpm)
        cpe:/a:redhat:ansible_core:2::el8
        cpe:/a:redhat:ansible_core:2::el9
    Create a notification for this product.
    Red Hat Discovery 1 for RHEL 9 Unaffected: 1.12.0-1 , < * (rpm)
        cpe:/o:redhat:discovery:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 1:2.15.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 1:2.15.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el8
        cpe:/a:redhat:ansible_automation_platform:2.4::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
        cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 8 Unaffected: 1:2.16.13-1.el8ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2.5 for RHEL 9 Unaffected: 1:2.16.13-1.el9ap , < * (rpm)
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
        cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
        cpe:/a:redhat:ansible_automation_platform:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
        cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
        cpe:/a:redhat:ansible_automation_platform:2.5::el8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI)     cpe:/a:redhat:enterprise_linux_ai:1
    Create a notification for this product.
    Date Public
    2024-09-13 08:35
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:21:23.423396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T14:29:01.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T22:33:00.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ansible/ansible",
              "defaultStatus": "unaffected",
              "packageName": "ansible-core",
              "versions": [
                {
                  "lessThanOrEqual": "2.17.4",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-96",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ansible-builder-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.1-95",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-29-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.9.27-32",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel8",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.14.13-21",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_core:2::el8",
                "cpe:/a:redhat:ansible_core:2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform/ee-minimal-rhel9",
              "product": "Ansible Automation Platform Execution Environments",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.17.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-server-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/o:redhat:discovery:1.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Discovery 1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.12.0-1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.15.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el8ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
                "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
                "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.16.13-1.el9ap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-core",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux_ai:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhelai1/bootc-nvidia-rhel9",
              "product": "Red Hat Enterprise Linux AI (RHEL AI)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-13T08:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-06T23:17:04.821Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10762",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10762"
            },
            {
              "name": "RHSA-2024:8969",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:8969"
            },
            {
              "name": "RHSA-2024:9894",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:9894"
            },
            {
              "name": "RHSA-2025:1249",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1249"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-8775"
            },
            {
              "name": "RHBZ#2312119",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312119"
            },
            {
              "url": "https://github.com/advisories/GHSA-jpxc-vmjf-9fcj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-13T08:31:27.781Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-13T08:35:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Ansible-core: exposure of sensitive information in ansible vault files due to improper logging",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-8775",
        "datePublished": "2024-09-14T02:15:14.907Z",
        "dateReserved": "2024-09-13T09:06:07.367Z",
        "dateUpdated": "2025-11-06T23:17:04.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }