ALAS-2025-846

Amazon Linux 2023 Security Advisory: ALAS-2025-846
Advisory Release Date: 2025-02-12 22:57 Pacific
Advisory Updated Date: 2025-02-21 13:45 Pacific

Severity: Medium

References: CVE-2024-8775
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. (CVE-2024-8775)

Affected Packages:

ansible-core

Issue Correction:
Run dnf update ansible-core --releasever 2023.6.20250218 to update your system.

New Packages:

aarch64:
    ansible-test-2.15.3-1.amzn2023.0.8.aarch64
    ansible-core-2.15.3-1.amzn2023.0.8.aarch64

src:
    ansible-core-2.15.3-1.amzn2023.0.8.src

x86_64:
    ansible-test-2.15.3-1.amzn2023.0.8.x86_64
    ansible-core-2.15.3-1.amzn2023.0.8.x86_64

Additional References

Red Hat: CVE-2024-8775

Mitre: CVE-2024-8775

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2025-846

Additional References