5.9
CVE-2018-10855
- EPSS 2.52%
- Published 03.07.2018 01:29:00
- Last modified 21.11.2024 03:42:08
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Ansible Engine Version >= 2.4 < 2.4.5
Redhat ≫ Ansible Engine Version > 2.5 <= 2.5.5
Redhat ≫ Ansible Engine Version2.0
Redhat ≫ Cloudforms Version4.6
Redhat ≫ Virtualization Version4.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.52% | 0.848 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| secalert@redhat.com | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.