Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
187
VMScore

CVE-2018-16859

Published: 29/11/2018 Updated: 03/04/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Redhat

Vulnerability Summary

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ansible engine

Vendor Advisories

Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 25Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 27Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Red Hat: Moderate: ansible security and bug fix update
Synopsis Moderate: ansible security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 26Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Red Hat: CVE-2018-16859
Execution of Ansible content on Microsoft's Windows platform with Powershell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via Powershell's 'suspicious scriptblock logging' feature, which is enabled by default The details are logged to the Powershell Operational log, ...

References

CWE-532https://github.com/ansible/ansible/pull/49142https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859http://www.securityfocus.com/bid/106004https://access.redhat.com/errata/RHSA-2018:3773https://access.redhat.com/errata/RHSA-2018:3772https://access.redhat.com/errata/RHSA-2018:3771https://access.redhat.com/errata/RHSA-2018:3770http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.htmlhttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2018:3772https://access.redhat.com/security/cve/cve-2018-16859
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook