Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dagf-buer-4ffr
Vulnerability ID VCID-dagf-buer-4ffr
Aliases PYSEC-2020-179
Summary Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864
https://github.com/ansible/ansible/issues/63522
https://github.com/ansible/ansible/pull/63527
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-04-01T15:01:22.258766+00:00 PyPI Importer Import https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0