4.4
CVE-2018-16859
- EPSS 0.1%
- Published 29.11.2018 18:29:00
- Last modified 21.11.2024 03:53:27
- Source secalert@redhat.com
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
Data provided by the National Vulnerability Database (NVD)
Redhat ≫ Ansible Engine Version < 2.5.13
Redhat ≫ Ansible Engine Version >= 2.6.0 < 2.6.10
Redhat ≫ Ansible Engine Version >= 2.7.0 < 2.7.4
Redhat ≫ Ansible Engine Version >= 2.7.5 <= 2.8
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.1% | 0.282 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 4.4 | 0.8 | 3.6 | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
secalert@redhat.com | 4.2 | 0.6 | 3.6 | CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.