CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

Published: Jan 3, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-16876
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
redhat / ansible	2.5.0	2.5.14
redhat / ansible	2.6.0	2.6.11
redhat / ansible	2.7.0	2.7.5
debian / debian_linux	9.0	9.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / ansible_engine	2.5	2.5.x
redhat / ansible_engine	2.0	2.0.x
redhat / ansible_engine	2.6	2.6.x
redhat / ansible_engine	2.7	2.7.x
redhat / openstack	14	14.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.04	19.04.x

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
http://www.securityfocus.com/bid/106225
https://access.redhat.com/errata/RHSA-2018:3835
https://access.redhat.com/errata/RHSA-2018:3836
https://access.redhat.com/errata/RHSA-2018:3837
https://access.redhat.com/errata/RHSA-2018:3838
https://access.redhat.com/errata/RHSA-2019:0564
https://access.redhat.com/errata/RHSA-2019:0590
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876
https://github.com/ansible/ansible/pull/49569
https://usn.ubuntu.com/4072-1/
https://www.debian.org/security/2019/dsa-4396

Vulnerability Database

289,599

CVE-2018-16876