CVE-2018-10855

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10855
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10855.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10855
Aliases
Related
Published
2018-07-03T01:29:00Z
Modified
2024-11-02T04:49:55.104310Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

References

Affected packages

Alpine:v3.7 / ansible

Package

Name
ansible
Purl
pkg:apk/alpine/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.6.0-r0

Affected versions

0.*

0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0

1.*

1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0

2.*

2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0

Debian:11 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.5+dfsg-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/ansible/ansible

Affected ranges

Type
GIT
Repo
https://github.com/ansible/ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.0.1
0.0.2
0.01
0.3
0.7

v1.*

v1.0
v1.1
v1.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0

Other

v1_last

v2.*

v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.4.0.0-0.1.rc1
v2.4.0.0-0.2.rc2
v2.4.0.0-0.3.rc3
v2.4.0.0-0.4.rc4
v2.4.0.0-0.5.rc5
v2.4.0.0-1
v2.4.1.0-0.1.beta1
v2.4.1.0-0.2.beta2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.4.rc2
v2.4.1.0-1
v2.4.2.0-0.1.beta1
v2.4.2.0-0.2.beta2
v2.4.2.0-0.3.beta3
v2.4.2.0-0.4.beta4
v2.4.2.0-0.5.rc1
v2.4.2.0-1
v2.4.3-0.3.beta3
v2.4.3.0-0.1.beta1
v2.4.3.0-0.2.beta2
v2.4.3.0-0.4.rc1
v2.4.3.0-0.5.rc2
v2.4.3.0-0.6.rc3
v2.4.3.0-1
v2.4.4-0.1.beta1
v2.4.4-0.2.rc1
v2.4.4.0-0.3.rc2
v2.4.4.0-1
v2.4.5.0-0.1.rc1