5.9

CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatAnsible Engine Version >= 2.4 < 2.4.5
RedhatAnsible Engine Version > 2.5 <= 2.5.5
RedhatAnsible Engine Version2.0
RedhatCloudforms Version4.6
RedhatOpenstack Version13
RedhatVirtualization Version4.0
DebianDebian Linux Version9.0
RedhatOpenstack Version10
RedhatOpenstack Version12
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.09% 0.86
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://access.redhat.com/errata/RHBA-2018:3788
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2585
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:0054
Vendor Advisory
https://usn.ubuntu.com/4072-1/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1948
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1949
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2022
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2079
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2184
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
Vendor Advisory
Issue Tracking
https://www.debian.org/security/2019/dsa-4396
Third Party Advisory