vulnerability

Debian: CVE-2019-14858: ansible -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 14, 2019

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

Solution

debian-upgrade-ansible

References

CVE-2019-14858
https://attackerkb.com/topics/CVE-2019-14858
CWE-117
CWE-532
EUVD-EUVD-2019-0005
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-0005

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report