Debian Bug report logs -
#912297
ansible: CVE-2018-16837
Package:
ansible;
Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon)
Reported by: Chris Lamb <lamby@debianorg>
Date: Mon, 29 Oct 2018 21:54:02 UTC
Severity: grave
Tags: security
Fo ...
Several security issues were fixed in Ansible ...
Several vulnerabilities have been found in Ansible, a configuration
management, deployment, and task execution system:
CVE-2018-10855
/ CVE-2018-16876
The no_log task flag wasn't honored, resulting in an information leak
CVE-2018-10875
ansiblecfg was read from the current working directory
CVE-2018-16837
The user module leaked param ...
Synopsis
Moderate: ansible security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for ansible is now available for Ansible Engine 26Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis
Moderate: Red Hat Virtualization security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Synopsis
Moderate: ansible security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ansible is now available for Ansible Engine 24Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...
Synopsis
Moderate: ansible security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for ansible is now available for Ansible Engine 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Moderate: ansible security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for ansible is now available for Ansible Engine 25Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis
Moderate: ansible security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ansible is now available for Red HatOpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) b ...
Synopsis
Moderate: ansible security update
Type/Severity
Security Advisory: Moderate
Topic
An update for ansible is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...
It was found that ansiblecfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker This could allow an attacker to execute arbitrary code ...