Sensitive Data Leakage in Ansible GCP Modules

Sensitive Data Leakage in Ansible GCP Modules

CVE-2019-10217 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.

Learn more about our Cis Benchmark Audit For Google Cloud Computing Platform.