{"id":"PYSEC-2020-179","details":"Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.","modified":"2023-03-14T07:01:09.409830Z","published":"2020-01-02T15:15:00Z","withdrawn":"2023-03-14T07:01:09.409830Z","references":[{"type":"WEB","url":"https://github.com/ansible/ansible/pull/63527"},{"type":"WEB","url":"https://github.com/ansible/ansible/issues/63522"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"}],"affected":[{"package":{"name":"ansible","ecosystem":"PyPI","purl":"pkg:pypi/ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.7.0"},{"fixed":"2.7.15"},{"introduced":"2.8.0"},{"fixed":"2.8.7"},{"introduced":"2.9.0"},{"fixed":"2.9.1"}]}],"versions":["2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","2.7.10","2.7.11","2.7.12","2.7.13","2.7.14","2.8.0","2.8.1","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2020-179.yaml"}}],"schema_version":"1.7.3"}