CVE-2018-16859 — Log File Information Exposure in Redhat Ansible Engine

CWE-532 — Log File Information Exposure8 documents7 sources

Severity

4.4MEDIUMNVD

CNA4.2

EPSS

0.1%

top 73.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Redhat Ansible Engine RED HAT Ansible

Timeline

PublishedNov 29

Latest updateMay 14

Description

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

▶NVDredhat/ansible_engine2.6.0 — 2.6.10+3

▶PyPIredhat/ansible2.7.0a1 — 2.7.3+2

▶Alpineredhat/ansible< 2.7.3-r0

▶CVEListV5red_hat/ansible2.8 and older

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Ansible Logs Passwords If PowerShell ScriptBlock is Enabled↗2022-05-14

▶

OSV

Ansible Logs Passwords If PowerShell ScriptBlock is Enabled↗2022-05-14

▶

CVEList

CVE-2018-16859: Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to↗2018-11-29

▶

OSV

CVE-2018-16859: Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to↗2018-11-29

▶

📋Vendor Advisories

Red Hat

ansible: become password logged in plaintext when used with PowerShell on Windows↗2018-11-16

▶

Debian

CVE-2018-16859: ansible - Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock ...↗2018

▶

💬Community

Bugzilla

CVE-2018-16859 ansible: become password logged in plaintext when used with PowerShell on Windows↗2018-11-14

▶