Source: ansible Version: 2.8.3+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/ansible/ansible/pull/63366
Hi, The following vulnerability was published for ansible. CVE-2019-14846[0]: | Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to | ansible_engine-3.5, was logging at the DEBUG level which lead to a | disclosure of credentials if a plugin used a library that logged | credentials at the DEBUG level. This flaw does not affect Ansible | modules, as those are executed in a separate process. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-14846 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14846 [1] https://github.com/ansible/ansible/pull/63366 Please adjust the affected versions in the BTS as needed. Regards, Salvatore