CVE-2019-10217

MEDIUM Year: 2019
CVSS v3 Score
5.7
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.

Related Vulnerabilities

CVE-2012-1994

MEDIUM
CVSS:5.7(Medium)

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

CWE-2002012

CVE-2016-3037

MEDIUM
CVSS:5.7(Medium)

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X...

CWE-2002016

CVE-2016-5602

MEDIUM
CVSS:5.7(Medium)

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect...

CWE-2002016

CVE-2017-1214

MEDIUM
CVSS:5.7(Medium)

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

CWE-2002017

CVE-2017-20101

MEDIUM
CVSS:5.7(Medium)

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file ...

CWE-2002017

CVE-2017-3292

MEDIUM
CVSS:5.7(Medium)

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploi...

CWE-2002017