4.4
CVE-2018-16859
- EPSS 0.1%
- Published 29.11.2018 18:29:00
- Last modified 21.11.2024 03:53:27
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Ansible Engine Version < 2.5.13
Redhat ≫ Ansible Engine Version >= 2.6.0 < 2.6.10
Redhat ≫ Ansible Engine Version >= 2.7.0 < 2.7.4
Redhat ≫ Ansible Engine Version >= 2.7.5 <= 2.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.282 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| secalert@redhat.com | 4.2 | 0.6 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.