CVE-2018-16876

Impact: Low
Public Date: 2018-12-07
CWE: CWE-200
Bugzilla: 1657330: CVE-2018-16876 ansible: Information disclosure in vvv+ mode with no_log on

The MITRE CVE dictionary describes this issue as:

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

Find out more about CVE-2018-16876 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 3.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: None
Availability Impact: None

Red Hat Security Errata

Platform                                            Errata          Release Date
Red Hat OpenStack Platform 13.0 (Queens) (ansible)  RHSA-2019:0564  2019-03-14
Red Hat Ansible Engine 2 for RHEL 7 (ansible)       RHSA-2018:3838  2018-12-18
Red Hat OpenStack Platform 14.0 (Rocky) (ansible)   RHSA-2019:0590  2019-03-18
Red Hat Ansible Engine 2.6 for RHEL 7 (ansible)     RHSA-2018:3836  2018-12-18
Red Hat Ansible Engine 2.5 for RHEL 7 (ansible)     RHSA-2018:3835  2018-12-18
Red Hat Ansible Engine 2.7 for RHEL 7 (ansible)     RHSA-2018:3837  2018-12-18

Affected Packages State

Platform                                  Package  State
Red Hat Satellite 6                       ansible  Affected
Red Hat OpenStack Platform 10             ansible  Affected
Red Hat OpenShift Enterprise 3.2          ansible  Will not fix
Red Hat OpenShift Container Platform 3.7  ansible  Will not fix
Red Hat OpenShift Container Platform 3.6  ansible  Will not fix
Red Hat OpenShift Container Platform 3.5  ansible  Will not fix
Red Hat OpenShift Container Platform 3.4  ansible  Will not fix
Red Hat OpenShift Container Platform 3.3  ansible  Will not fix
Red Hat Gluster Storage 3                 ansible  Will not fix
Red Hat Ceph Storage 3                    ansible  Affected
Red Hat Ceph Storage 2                    ansible  Affected
Red Hat Ansible Tower 3 for RHEL 7        ansible  Not affected

CVE description copyright © 2017, The MITRE Corporation