ALT-PU-2019-1273-1
Closed vulnerabilities
Published: 2018-12-06
BDU:2019-00889
Уязвимость системы управления конфигурациями Ansible, связанная c раскрытием конфиденциальных данных в режиме vvv+, позволяющая нарушителю получить несанкционированный доступ к информации
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2019-01-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-16876
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1125
- openSUSE-SU-2019:1125
- openSUSE-SU-2019:1635
- openSUSE-SU-2019:1635
- openSUSE-SU-2019:1858
- openSUSE-SU-2019:1858
- 106225
- 106225
- RHSA-2018:3835
- RHSA-2018:3835
- RHSA-2018:3836
- RHSA-2018:3836
- RHSA-2018:3837
- RHSA-2018:3837
- RHSA-2018:3838
- RHSA-2018:3838
- RHSA-2019:0564
- RHSA-2019:0564
- RHSA-2019:0590
- RHSA-2019:0590
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876
- https://github.com/ansible/ansible/pull/49569
- https://github.com/ansible/ansible/pull/49569
- USN-4072-1
- USN-4072-1
- DSA-4396
- DSA-4396