Lucene search

RedhatCVE-2018-10855

HistoryJul 03, 2018 - 1:29 a.m.

CVE-2018-10855

2018-07-0301:29:00

CWE-532

redhat

web.nvd.nist.gov

212

cve-2018-10855

ansible

data exposure

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

71.9%

JSON

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Affected configurations

Nvd

Vulners

Node

redhatansible_engineRange2.4–2.4.5

redhatansible_engineRange2.5–2.5.5

redhatansible_engineMatch2.0

redhatcloudformsMatch4.6

redhatopenstackMatch13

redhatvirtualizationMatch4.0

Node

debiandebian_linuxMatch9.0

Node

redhatopenstackMatch10

redhatopenstackMatch12

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

VendorProductVersionCPE
redhatansible_engine*cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*
redhatansible_engine2.0cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
redhatcloudforms4.6cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
redhatopenstack13cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
redhatvirtualization4.0cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
redhatopenstack10cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
redhatopenstack12cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
redhat	ansible_engine	*	cpe:2.3:a:redhat:ansible_engine::::::::
redhat	ansible_engine	2.0	cpe:2.3:a:redhat:ansible_engine:2.0:::::::*
redhat	cloudforms	4.6	cpe:2.3:a:redhat:cloudforms:4.6:::::::*
redhat	openstack	13	cpe:2.3:a:redhat:openstack:13:::::::*
redhat	virtualization	4.0	cpe:2.3:a:redhat:virtualization:4.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
redhat	openstack	10	cpe:2.3:a:redhat:openstack:10:::::::*
redhat	openstack	12	cpe:2.3:a:redhat:openstack:12:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "ansible",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "Ansible 2.4.5"
      },
      {
        "status": "affected",
        "version": "Ansible 2.5.5"
      }
    ]
  }
]