CVE-2018-16876

CWE-200 — Information Exposure12 documents8 sources

Severity

5.3MEDIUM

EPSS

0.6%

top 29.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible RED HAT Ansible Canonical Ubuntu Linux +6 more

Timeline

PublishedJan 3

Latest updateMay 13

Description

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages10 packages

▶PyPIansible2.6.0a1 — 2.6.11+2

▶NVDredhat/ansible2.5.0 — 2.5.14+2

▶Debianansible< 2.7.6+dfsg-1+3

▶Ubuntuansible< 2.0.0.2-2ubuntu1.3+1

▶CVEListV5red_hat/ansiblebefore 2.5.14, before 2.6.11, before 2.7.5+2

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 19.04

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

Ansible sensitive information disclosure↗2022-05-13

▶

OSV

Ansible sensitive information disclosure↗2022-05-13

▶

OSV

ansible vulnerabilities↗2019-07-24

▶

OSV

CVE-2018-16876: ansible before versions 2↗2019-01-03

▶

CVEList

CVE-2018-16876: ansible before versions 2↗2019-01-03

▶

📋Vendor Advisories

Ubuntu

Ansible vulnerabilities↗2019-07-24

▶

Red Hat

ansible: Information disclosure in vvv+ mode with no_log on↗2018-12-07

▶

Debian

CVE-2018-16876: ansible - ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information dis...↗2018

▶

💬Community

Bugzilla

CVE-2018-16876 ansible: Information disclosure in vvv+ mode with no_log on [epel-all]↗2018-12-07

▶

Bugzilla

CVE-2018-16876 ansible: Information disclosure in vvv+ mode with no_log on↗2018-12-07

▶

Bugzilla

CVE-2018-16876 ansible: Information disclosure in vvv+ mode with no_log on [fedora-all]↗2018-12-07

▶