First published: Fri Dec 07 2018
Ansible before versions 2.5.14, 2.6.11, and 2.7.5 is vulnerable to an information disclosure flaw in `vvv+` mode with `no_log` on that can lead to leakage of sensitive data.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Ansible | >=2.5.0<2.5.14 | |
Redhat Ansible | >=2.6.0<2.6.11 | |
Redhat Ansible | >=2.7.0<2.7.5 | |
Debian Debian Linux | =9.0 | |
Redhat Ansible Engine | =2.0 | |
Redhat Ansible Engine | =2.5 | |
Redhat Ansible Engine | =2.6 | |
Redhat Ansible Engine | =2.7 | |
Redhat Openstack | =14 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Suse Package Hub | | |
SUSE Linux Enterprise | =12.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
redhat/ansible-engine | <2.5.14 | 2.5.14 |
redhat/ansible-engine | <2.6.11 | 2.6.11 |
redhat/ansible-engine | <2.7.5 | 2.7.5 |
pip/ansible | >=2.7.0a1<2.7.5 | 2.7.5 |
pip/ansible | >=2.6.0a1<2.6.11 | 2.6.11 |
pip/ansible | <2.5.14 | 2.5.14 |
debian/ansible | 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2 7.7.0+dfsg-3+deb12u1 11.1.0+dfsg-1 |
The vulnerability ID of this Ansible vulnerability is CVE-2018-16876.
The severity level of CVE-2018-16876 is medium with a CVSS score of 5.3.
The affected software for CVE-2018-16876 includes Ansible versions before 2.5.14, 2.6.11, and 2.7.5.
To fix CVE-2018-16876, update Ansible to version 2.5.14, 2.6.11, or 2.7.5.
You can find more information about CVE-2018-16876 at the following references: [GitHub](https://github.com/ansible/ansible/pull/49569), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2018:3835).