CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

Published : 2019-01-03 15:29 Updated : 2019-06-27 12:15

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:alpha1
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:beta1
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:beta2
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:rc1
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:rc2
Redhat Ansible 2.5.0 cpe:/a:redhat:ansible:2.5.0:rc3
Redhat Ansible 2.5.1 cpe:/a:redhat:ansible:2.5.1
Redhat Ansible 2.5.2 cpe:/a:redhat:ansible:2.5.2
Redhat Ansible 2.5.3 cpe:/a:redhat:ansible:2.5.3
Redhat Ansible 2.5.4 cpe:/a:redhat:ansible:2.5.4
Redhat Ansible 2.5.5 cpe:/a:redhat:ansible:2.5.5
Redhat Ansible 2.5.6 cpe:/a:redhat:ansible:2.5.6
Redhat Ansible 2.5.7 cpe:/a:redhat:ansible:2.5.7
Redhat Ansible 2.5.8 cpe:/a:redhat:ansible:2.5.8
Redhat Ansible 2.5.9 cpe:/a:redhat:ansible:2.5.9
Redhat Ansible 2.5.10 cpe:/a:redhat:ansible:2.5.10
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:alpha1
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:alpha2
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc1
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc2
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc3
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc4
Redhat Ansible 2.6.0 cpe:/a:redhat:ansible:2.6.0:rc5
Redhat Ansible 2.6.1 cpe:/a:redhat:ansible:2.6.1
Redhat Ansible 2.6.2 cpe:/a:redhat:ansible:2.6.2
Redhat Ansible 2.6.3 cpe:/a:redhat:ansible:2.6.3
Redhat Ansible 2.6.4 cpe:/a:redhat:ansible:2.6.4
Redhat Ansible 2.6.5 cpe:/a:redhat:ansible:2.6.5
Redhat Ansible 2.6.6 cpe:/a:redhat:ansible:2.6.6
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:alpha1
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:beta1
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc1
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc2
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc3
Redhat Ansible 2.7.0 cpe:/a:redhat:ansible:2.7.0:rc4
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Redhat Ansible 2.5.11 cpe:/a:redhat:ansible:2.5.11
Redhat Ansible 2.5.12 cpe:/a:redhat:ansible:2.5.12
Redhat Ansible 2.5.13 cpe:/a:redhat:ansible:2.5.13
Redhat Ansible 2.6.7 cpe:/a:redhat:ansible:2.6.7
Redhat Ansible 2.6.8 cpe:/a:redhat:ansible:2.6.8
Redhat Ansible 2.6.9 cpe:/a:redhat:ansible:2.6.9
Redhat Ansible 2.6.10 cpe:/a:redhat:ansible:2.6.10
Redhat Ansible 2.7.1 cpe:/a:redhat:ansible:2.7.1
Redhat Ansible 2.7.2 cpe:/a:redhat:ansible:2.7.2
Redhat Ansible 2.7.3 cpe:/a:redhat:ansible:2.7.3
Redhat Ansible 2.7.4 cpe:/a:redhat:ansible:2.7.4
Redhat Ansible Engine 2.0 cpe:/a:redhat:ansible_engine:2.0
Redhat Ansible Engine 2.5 cpe:/a:redhat:ansible_engine:2.5
Redhat Ansible Engine 2.6 cpe:/a:redhat:ansible_engine:2.6
Redhat Ansible Engine 2.7 cpe:/a:redhat:ansible_engine:2.7
Redhat Openstack 14.0 cpe:/a:redhat:openstack:14.0
Suse Package Hub - cpe:/a:suse:package_hub:-
  1. Debian (1) Search CVE
    1. Debian Linux (1) Search CVE
      1. 9.0
  2. Suse (1) Search CVE
    1. Package Hub (1) Search CVE
      1. -
  3. Redhat (6) Search CVE
    1. Enterprise Linux Workstation (1) Search CVE
      1. 7.0
    2. Enterprise Linux Server (1) Search CVE
      1. 7.0
    3. Enterprise Linux Desktop (1) Search CVE
      1. 7.0
    4. Ansible (30) Search CVE
      1. 2.5.0
      2. 2.5.1
      3. 2.5.2
      4. 2.5.3
      5. 2.5.4
      6. 2.5.5
      7. 2.5.6
      8. 2.5.7
      9. 2.5.8
      10. 2.5.9
      11. 2.5.10
      12. 2.6.0
      13. 2.6.1
      14. 2.6.2
      15. 2.6.3
      16. 2.6.4
      17. 2.6.5
      18. 2.6.6
      19. 2.7.0
      20. 2.5.11
      21. 2.5.12
      22. 2.5.13
      23. 2.6.7
      24. 2.6.8
      25. 2.6.9
      26. 2.6.10
      27. 2.7.1
      28. 2.7.2
      29. 2.7.3
      30. 2.7.4
    5. Ansible Engine (4) Search CVE
      1. 2.0
      2. 2.5
      3. 2.6
      4. 2.7
    6. Openstack (1) Search CVE
      1. 14.0

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-06-27 12:15
2019-04-16 16:05
2019-03-21 16:00
2019-03-15 19:52
2019-03-15 10:29
2019-03-01 23:50
2019-02-20 11:29
2019-01-11 20:39
2019-01-04 11:29
2019-01-03 15:29

New CVE