Lucene search

K

GoogleOSV:GHSA-V735-2PP6-H86R

HistoryMay 14, 2022 - 1:14 a.m.

Ansible Logs Passwords If PowerShell ScriptBlock is Enabled

2022-05-1401:14:00

Google

osv.dev

9

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for ‘become’ passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

CPENameOperatorVersion
ansibleeq1.4.3
ansibleeq1.6.6
ansibleeq2.5.2
ansibleeq1.1
ansibleeq2.7.5
ansibleeq1.0
ansibleeq1.8.1
ansibleeq2.7.0rc4
ansibleeq2.5.4
ansibleeq2.1.5.0

Rows per page:

1-10 of 1601

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html

access.redhat.com/errata/RHSA-2018:3770

access.redhat.com/errata/RHSA-2018:3771

access.redhat.com/errata/RHSA-2018:3772

access.redhat.com/errata/RHSA-2018:3773

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859

github.com/ansible/ansible/blob/v2.5.13/changelogs/CHANGELOG-v2.5.rst

github.com/ansible/ansible/pull/49142

nvd.nist.gov/vuln/detail/CVE-2018-16859

web.archive.org/web/20200227102121/www.securityfocus.com/bid/106004

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for OSV:GHSA-V735-2PP6-H86R

nessus6 alpinelinux1 cve1 redhat4 osv2 redhatcve1 veracode2 cvelist1 nvd1 github1 prion1 debiancve1 suse4 openvas1