CVE-2018-16876
published 2019-01-03CVE-2018-16876: ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible…
medium5.3CVSS 3.1
AVNACHPRLUINSUCHINAN
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | ansible | < ansible 2.7.6+dfsg-1 (bookworm) | ansible 2.7.6+dfsg-1 (bookworm) |
| debian | debian_linux | — | — |
| red_hat | ansible | — | — |
| red_hat | ansible | — | — |
| red_hat | ansible | — | — |
| redhat | ansible | >= 0 < 2.7.6+dfsg-1 | 2.7.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.7.6+dfsg-1 | 2.7.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.7.6+dfsg-1 | 2.7.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.7.6+dfsg-1 | 2.7.6+dfsg-1 |
| redhat | ansible | >= 0 < 2.5.14 | 2.5.14 |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3 | 2.0.0.2-2ubuntu1.3 |
| redhat | ansible | >= 0 < 2.5.1+dfsg-1ubuntu0.1 | 2.5.1+dfsg-1ubuntu0.1 |
| redhat | ansible | >= 2.5.0 < 2.5.14 | 2.5.14 |
| redhat | ansible | >= 2.6.0 < 2.6.11 | 2.6.11 |
| redhat | ansible | >= 2.6.0a1 < 2.6.11 | 2.6.11 |
| redhat | ansible | >= 2.7.0 < 2.7.5 | 2.7.5 |
| redhat | ansible | >= 2.7.0a1 < 2.7.5 | 2.7.5 |
| redhat | ansible_engine | — | — |
| redhat | ansible_engine | — | — |
| redhat | ansible_engine | — | — |
| redhat | ansible_engine | — | — |
| redhat | enterprise_linux_desktop | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
osv9.8CRITICAL