{"id":"PYSEC-2019-3","details":"A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.","aliases":["CVE-2019-10217","GHSA-p75j-wc34-527c"],"modified":"2023-11-08T04:00:43.347494Z","published":"2019-11-25T16:15:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217"},{"type":"REPORT","url":"https://github.com/ansible/ansible/issues/56269"},{"type":"WEB","url":"https://github.com/ansible/ansible/pull/59427"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p75j-wc34-527c"}],"affected":[{"package":{"name":"ansible","ecosystem":"PyPI","purl":"pkg:pypi/ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.8.0"},{"fixed":"2.8.4"}]}],"versions":["2.8.0","2.8.1","2.8.2","2.8.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2019-3.yaml"}}],"schema_version":"1.7.3"}