CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

Published : 2019-01-03 15:29 Updated : 2019-03-21 16:00

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:alpha1
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:beta1
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:beta2
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:rc1
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:rc2
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:rc3
Redhat Ansible 2.5.1 cpe:/a:redhat:ansible:2.5.1
Redhat Ansible 2.5.2 cpe:/a:redhat:ansible:2.5.2
Redhat Ansible 2.5.3 cpe:/a:redhat:ansible:2.5.3
Redhat Ansible 2.5.4 cpe:/a:redhat:ansible:2.5.4
Redhat Ansible 2.5.5 cpe:/a:redhat:ansible:2.5.5
Redhat Ansible 2.5.6 cpe:/a:redhat:ansible:2.5.6
Redhat Ansible 2.5.7 cpe:/a:redhat:ansible:2.5.7
Redhat Ansible 2.5.8 cpe:/a:redhat:ansible:2.5.8
Redhat Ansible 2.5.9 cpe:/a:redhat:ansible:2.5.9
Redhat Ansible 2.5.10 cpe:/a:redhat:ansible:2.5.10
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:alpha1
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:alpha2
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc1
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc2
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc3
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc4
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc5
Redhat Ansible 2.6.1 cpe:/a:redhat:ansible:2.6.1
Redhat Ansible 2.6.2 cpe:/a:redhat:ansible:2.6.2
Redhat Ansible 2.6.3 cpe:/a:redhat:ansible:2.6.3
Redhat Ansible 2.6.4 cpe:/a:redhat:ansible:2.6.4
Redhat Ansible 2.6.5 cpe:/a:redhat:ansible:2.6.5
Redhat Ansible 2.6.6 cpe:/a:redhat:ansible:2.6.6
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:alpha1
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:beta1
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc1
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc2
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc3
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc4
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Openstack 13.0 cpe:/a:redhat:openstack:13.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
  1. Redhat (5) Search CVE
    1. Enterprise Linux Workstation (1) Search CVE
      1. 7.0
    2. Openstack (1) Search CVE
      1. 13.0
    3. Enterprise Linux Desktop (1) Search CVE
      1. 7.0
    4. Ansible (19) Search CVE
      1. 2.5.0
      2. 2.5.1
      3. 2.5.2
      4. 2.5.3
      5. 2.5.4
      6. 2.5.5
      7. 2.5.6
      8. 2.5.7
      9. 2.5.8
      10. 2.5.9
      11. 2.5.10
      12. 2.6.0
      13. 2.6.1
      14. 2.6.2
      15. 2.6.3
      16. 2.6.4
      17. 2.6.5
      18. 2.6.6
      19. 2.7.0
    5. Enterprise Linux Server (1) Search CVE
      1. 7.0
  2. Debian (1) Search CVE
    1. Debian Linux (1) Search CVE
      1. 9.0

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-03-21 16:00
2019-03-15 19:52
2019-03-15 10:29
2019-03-01 23:50
2019-02-20 11:29
2019-01-11 20:39
2019-01-04 11:29
2019-01-03 15:29

New CVE