Execution of Ansible content on Microsoft's Windows platform with Powershell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via Powershell's 'suspicious scriptblock logging' feature, which is enabled by default. The details are logged to the Powershell Operational log, which is visible to all authenticated users by default.
Find out more about CVE-2018-16859 from the MITRE CVE dictionary dictionary and NIST NVD.
CloudForms and Satellite 6 are not affected by this issue, since Microsoft Windows is not a supported platform.
CVSS3 Base Score | 4.2 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | High |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | None |
Availability Impact | None |
Platform | Errata | Release Date |
---|---|---|
Red Hat Ansible Engine 2 for RHEL 7 (ansible) | RHSA-2018:3772 | 2018-12-04 |
Red Hat Ansible Engine 2.7 for RHEL 7 (ansible) | RHSA-2018:3773 | 2018-12-04 |
Red Hat Ansible Engine 2.5 for RHEL 7 (ansible) | RHSA-2018:3770 | 2018-12-04 |
Red Hat Ansible Engine 2.6 for RHEL 7 (ansible) | RHSA-2018:3771 | 2018-12-04 |
Platform | Package | State |
---|---|---|
Red Hat Virtualization 4 | ansible | Not affected |
Red Hat Satellite 6 | ansible | Not affected |
Red Hat OpenStack Platform 14 | ansible | Will not fix |
Red Hat OpenStack Platform 13.0 (Queens) | ansible | Will not fix |
Red Hat OpenStack Platform 12.0 | ansible | Will not fix |
Red Hat OpenStack Platform 10 | ansible | Will not fix |
Red Hat OpenShift Enterprise 3.2 | ansible | Not affected |
Red Hat OpenShift Enterprise 3.1 | ansible | Not affected |
Red Hat OpenShift Enterprise 3.0 | ansible | Not affected |
Red Hat OpenShift Container Platform 3.7 | ansible | Affected |
Red Hat OpenShift Container Platform 3.6 | ansible | Affected |
Red Hat OpenShift Container Platform 3.5 | ansible | Affected |
Red Hat OpenShift Container Platform 3.4 | ansible | Affected |
Red Hat OpenShift Container Platform 3.3 | ansible | Not affected |
Red Hat Gluster Storage 3 | ansible | Will not fix |
Red Hat Ceph Storage 3 | ansible | Affected |
Red Hat Ceph Storage 2 | ansible | Affected |