CVE-2018-10855
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-10855
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10855.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-10855
- Aliases
- Related
- Published
- 2018-07-03T01:29:00Z
- Modified
- 2024-11-02T04:49:55.104310Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
- References
-
- https://access.redhat.com/errata/RHBA-2018:3788
- https://access.redhat.com/errata/RHSA-2018:1948
- https://access.redhat.com/errata/RHSA-2018:1949
- https://access.redhat.com/errata/RHSA-2018:2022
- https://access.redhat.com/errata/RHSA-2018:2079
- https://access.redhat.com/errata/RHSA-2018:2184
- https://access.redhat.com/errata/RHSA-2018:2585
- https://access.redhat.com/errata/RHSA-2019:0054
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
- https://www.debian.org/security/2019/dsa-4396
- https://usn.ubuntu.com/4072-1/
- https://security.alpinelinux.org/vuln/CVE-2018-10855
- https://security-tracker.debian.org/tracker/CVE-2018-10855
Affected packages
Alpine:v3.7 / ansible
Package
- Name
- ansible
- Purl
- pkg:apk/alpine/ansible?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.6.0-r0
Affected versions
0.*
0.3.1-r0
0.4-r0
0.5-r0
0.7-r0
0.7.1-r0
0.8-r0
0.9-r0
1.*
1.0-r0
1.0-r1
1.1-r0
1.1-r1
1.2-r1
1.2.1-r1
1.2.2-r0
1.2.3-r0
1.3.3-r0
1.3.4-r0
1.4.1-r0
1.4.3-r0
1.4.5-r0
1.5.0-r0
1.5.4-r0
1.5.5-r0
1.6.1-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.8.0-r0
1.8.2-r0
1.8.4-r0
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.3-r1
1.9.4-r0
2.*
2.0.0.2-r0
2.0.0.2-r1
2.0.1.0-r1
2.1.0.0-r0
2.1.1.0-r0
2.1.2.0-r0
2.2.0.0-r0
2.2.1.0-r0
2.2.1.0-r1
2.2.2.0-r0
2.3.0.0-r0
2.3.0.0-r1
2.3.1.0-r0
2.3.2.0-r0
2.4.0.0-r0
2.4.1.0-r0
Debian:11 / ansible
Package
- Name
- ansible
- Purl
- pkg:deb/debian/ansible?arch=source
Debian:12 / ansible
Package
- Name
- ansible
- Purl
- pkg:deb/debian/ansible?arch=source
Debian:13 / ansible
Package
- Name
- ansible
- Purl
- pkg:deb/debian/ansible?arch=source
Git / github.com/ansible/ansible
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ansible/ansible
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.1
0.0.2
0.01
0.3
0.7
v1.*
v1.0
v1.1
v1.2
v1.4.0
v1.5.0
v1.5.1
v1.6.0
Other
v1_last
v2.*
v2.0.0-0.1.alpha1
v2.0.0-0.2.alpha2
v2.0.0-0.3.beta1
v2.0.0-0.4.beta2
v2.0.0-0.5.beta3
v2.4.0.0-0.1.rc1
v2.4.0.0-0.2.rc2
v2.4.0.0-0.3.rc3
v2.4.0.0-0.4.rc4
v2.4.0.0-0.5.rc5
v2.4.0.0-1
v2.4.1.0-0.1.beta1
v2.4.1.0-0.2.beta2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.4.rc2
v2.4.1.0-1
v2.4.2.0-0.1.beta1
v2.4.2.0-0.2.beta2
v2.4.2.0-0.3.beta3
v2.4.2.0-0.4.beta4
v2.4.2.0-0.5.rc1
v2.4.2.0-1
v2.4.3-0.3.beta3
v2.4.3.0-0.1.beta1
v2.4.3.0-0.2.beta2
v2.4.3.0-0.4.rc1
v2.4.3.0-0.5.rc2
v2.4.3.0-0.6.rc3
v2.4.3.0-1
v2.4.4-0.1.beta1
v2.4.4-0.2.rc1
v2.4.4.0-0.3.rc2
v2.4.4.0-1
v2.4.5.0-0.1.rc1