Search for vulnerabilities
Vulnerability details: VCID-65qb-3ag2-y7c3
Vulnerability ID VCID-65qb-3ag2-y7c3
Aliases CVE-2019-14858
GHSA-h653-95qw-h2mp
PYSEC-2019-171
Summary A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-532 Insertion of Sensitive Information into Log File
CWE-117 Improper Output Neutralization for Logs
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2019:3201
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2019:3201
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2019:3202
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2019:3202
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2019:3203
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2019:3203
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2019:3207
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2019:3207
cvssv3.1 5.5 https://access.redhat.com/errata/RHSA-2020:0756
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2020:0756
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2019-14858
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
cvssv3 2.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h653-95qw-h2mp
cvssv3.1 5.5 https://github.com/ansible/ansible
generic_textual MODERATE https://github.com/ansible/ansible
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
generic_textual MODERATE https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
generic_textual MODERATE https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
generic_textual MODERATE https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
cvssv3.1 5.5 https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
generic_textual MODERATE https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
cvssv3.1 5.5 https://github.com/ansible/ansible/pull/63405
generic_textual MODERATE https://github.com/ansible/ansible/pull/63405
cvssv3.1 5.5 https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2019-14858
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14858
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-14858
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
https://access.redhat.com/errata/RHSA-2019:3201
https://access.redhat.com/errata/RHSA-2019:3202
https://access.redhat.com/errata/RHSA-2019:3203
https://access.redhat.com/errata/RHSA-2019:3207
https://access.redhat.com/errata/RHSA-2020:0756
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json
https://api.first.org/data/v1/epss?cve=CVE-2019-14858
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14858
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ansible/ansible
https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
https://github.com/ansible/ansible/pull/63405
https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
https://nvd.nist.gov/vuln/detail/CVE-2019-14858
1760593 https://bugzilla.redhat.com/show_bug.cgi?id=1760593
942332 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942332
cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*
GHSA-h653-95qw-h2mp https://github.com/advisories/GHSA-h653-95qw-h2mp
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3201
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3202
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3203
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3207
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2020:0756
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14858.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/0fd656e9964a91f2e8b1e9bbf78c74661ab9d37b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/3dfb8e81bb5f776a6b00c7a90dd087e85b71f8bb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/87f8d77d70476454f7fe2381bd363a329ce4266c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/commit/f610ed3a4eb87eb557200606279796921fa9b722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible/pull/63405
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2019-171.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14858
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-14858
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11196
EPSS Score 0.0004
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:07:54.997001+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2019-171.yaml 37.0.0