Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVSS Information
N/A
Vulnerability Type
日志输出的转义处理不恰当
Vulnerability Title
Ansible 日志信息泄露漏洞
Vulnerability Description
Ansible是美国Ansible公司的一款计算机系统配置管理器。该产品可用于发布、管理和编排计算机系统。 Ansible中存在安全漏洞。攻击者可利用该漏洞获取敏感信息。以下产品及版本受到影响:Ansible 2.9.1之前的2.9.x版本,2.8.7之前的2.8.x版本,2.7.15之前的2.7.x版本。
CVSS Information
N/A
Vulnerability Type
N/A