CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Published: 2018-07-03 01:29
Updated: 2019-07-25 02:15

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Redhat | Ansible Engine | 2.4 | cpe:/a:redhat:ansible_engine:2.4 |
| Redhat | Openstack | 10 | cpe:/a:redhat:openstack:10 |
| Redhat | Openstack | 12 | cpe:/a:redhat:openstack:12 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| Redhat | Ansible Engine | 2.0 | cpe:/a:redhat:ansible_engine:2.0 |
| Redhat | Cloudforms | 4.6 | cpe:/a:redhat:cloudforms:4.6 |
| Redhat | Openstack | 13.0 | cpe:/a:redhat:openstack:13.0 |
| Redhat | Virtualization | 4.0 | cpe:/a:redhat:virtualization:4.0 |

  1. Debian (1)
    1. Debian Linux (1)
      1. 9.0
  2. Redhat (4)
    1. Ansible Engine (2)
      1. 2.4
      2. 2.0
    2. Openstack (3)
      1. 10
      2. 12
      3. 13.0
    3. Virtualization (1)
      1. 4.0
    4. Cloudforms (1)
      1. 4.6

CWE

| ID | Name | Description |
|----|------|-------------|
| CWE-532 | Information Exposure Through Log Files | Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. |

History of changes

| Date | Event |
|------|-------|
| 2019-07-25 02:15 | |
| 2019-03-02 00:22 | |
| 2019-02-20 11:29 | |
| 2019-01-17 11:29 | |
| 2018-12-06 11:29 | |
| 2018-09-04 16:23 | |
| 2018-08-30 10:29 | |
| 2018-07-14 01:29 | |
| 2018-07-04 01:29 | |
| 2018-07-03 01:29 | New CVE |