{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35445?format=json","vulnerability_id":"VCID-w1ap-atw2-qbc8","summary":"A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.","aliases":[{"alias":"CVE-2019-10217"},{"alias":"GHSA-p75j-wc34-527c"},{"alias":"PYSEC-2019-3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14347?format=json","purl":"pkg:pypi/ansible@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12525?format=json","purl":"pkg:pypi/ansible@2.8.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/12530?format=json","purl":"pkg:pypi/ansible@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12532?format=json","purl":"pkg:pypi/ansible@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/13924?format=json","purl":"pkg:pypi/ansible@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/14346?format=json","purl":"pkg:pypi/ansible@2.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5t77-f231-6ffg"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-ec6s-8f24-9bh7"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w1ap-atw2-qbc8"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.3"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217"},{"reference_url":"https://github.com/advisories/GHSA-p75j-wc34-527c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p75j-wc34-527c"},{"reference_url":"https://github.com/ansible/ansible","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible"},{"reference_url":"https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519"},{"reference_url":"https://github.com/ansible/ansible/issues/56269","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/issues/56269"},{"reference_url":"https://github.com/ansible/ansible/pull/59427","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/59427"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-3.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-3.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10217","reference_id":"CVE-2019-10217","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10217"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1ap-atw2-qbc8"}