Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-10855

Published: 03/07/2018 Updated: 04/08/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Openstack

Vulnerability Summary

Ansible 2.5 before 2.5.5, and 2.4 before 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat openstack 13

redhat ansible engine

redhat ansible engine 2.0

redhat virtualization 4.0

redhat cloudforms 4.6

debian debian linux 9.0

redhat openstack 10

redhat openstack 12

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

Vendor Advisories

Debian CVElist Bug Report Logs: ansible: CVE-2018-16837
Debian Bug report logs - #912297 ansible: CVE-2018-16837 Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debianorg> Date: Mon, 29 Oct 2018 21:54:02 UTC Severity: grave Tags: security Fo ...
Ubuntu Security Notice: ansible vulnerabilities
Several security issues were fixed in Ansible ...
Debian Security Advisories: DSA-4396-1 ansible -- security update
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak CVE-2018-10875 ansiblecfg was read from the current working directory CVE-2018-16837 The user module leaked param ...
Red Hat: Moderate: CloudForms 4.6.3 bug fix and enhancement update
Synopsis Moderate: CloudForms 463 bug fix and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for CloudForms Management Engine 59Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CV ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red Hat Ansible Engine 24 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syste ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red Hat Ansible Engine 25 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syste ...
Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update
Synopsis Moderate: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now availableRed Hat Product Security has rated this update as having a secu ...
Red Hat: Moderate: ansible security update
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red HatOpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Moderate: ansible security update
Synopsis Moderate: ansible security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Red Hat Ansible Engine 2 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Red Hat: CVE-2018-10855
Ansible 25 prior to 255, and 24 prior to 245, do not honor the no_log task flag for failed tasks When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible ...

References

CWE-532https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855https://access.redhat.com/errata/RHSA-2018:2079https://access.redhat.com/errata/RHSA-2018:2022https://access.redhat.com/errata/RHSA-2018:1949https://access.redhat.com/errata/RHSA-2018:1948https://access.redhat.com/errata/RHSA-2018:2184https://access.redhat.com/errata/RHSA-2018:2585https://access.redhat.com/errata/RHBA-2018:3788https://access.redhat.com/errata/RHSA-2019:0054https://www.debian.org/security/2019/dsa-4396https://usn.ubuntu.com/4072-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912297https://usn.ubuntu.com/4072-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook