GHSA-h24r-m9qc-pvpg · Severity: medium · Ecosystem: pip — Ansible-core information disclosure flaw
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Conclusion & alert: CVE-2024-0690 is rated Low Risk (27.8/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.30%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.05% | 0.30% | +0.25% |
| 2 | 2025-06-27 | 0.04% | 0.05% | +0.01% |
| 3 | 2025-04-15 | — | 0.04% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.0 | 3.1 | MEDIUM |
|
1.3 | 3.6 | [email protected] |
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
GHSA-h24r-m9qc-pvpg · Severity: medium · Ecosystem: pip — Ansible-core information disclosure flaw
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2024-0690 not yet assigned priority: Debian including 2 source packages (ansible, ansible-core), 9 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 9. | https://security-tracker.debian.org/tracker/CVE-2024-0690 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2024-0690 |
suse
|
medium | CVE-2024-0690 severity moderate: SUSE including 22 source package names (ansible, ansible-2.9.27-150000.1.17.2, …), 33 product×package rows across 13 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 8, … (13 product lines)): Fixed 27, Known Not Affected 3, Will Not Fix 3. | https://www.suse.com/security/cve/CVE-2024-0690/ |
ubuntu
|
medium | CVE-2024-0690 medium priority: Ubuntu including 2 source packages (ansible, ansible-core), 24 status rows across 12 suites (bionic, focal, jammy, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): needs-triage 12, ignored 8, DNE 4. | https://ubuntu.com/security/CVE-2024-0690 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| redhat | ansible | < 2.14.4 | cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* |
| redhat | ansible | >= 2.15.0, < 2.15.9 | cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* |
| redhat | ansible | >= 2.16.0, < 2.16.3 | cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| redhat | ansible_automation_platform | 2.4 | cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:* |
| redhat | ansible_developer | 1.1 | cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:* |
| redhat | ansible_inside | 1.2 | cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:* |
| fedoraproject | fedora | 38 | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| fedoraproject | fedora | 39 | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |