CVE-2018-16859

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-16859

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16859.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-16859

Aliases

Related

Published

2018-11-29T18:29:00Z

Modified

2024-07-30T06:04:00.245114Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.

References

Affected packages

Alpine:v3.9 / ansible

Package

Name: ansible
Purl: pkg:apk/alpine/ansible?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.3-r0

Affected versions

0.*

0.3.1-r0

0.4-r0

0.5-r0

0.7-r0

0.7.1-r0

0.8-r0

0.9-r0

1.*

1.0-r0

1.0-r1

1.1-r0

1.1-r1

1.2-r1

1.2.1-r1

1.2.2-r0

1.2.3-r0

1.3.3-r0

1.3.4-r0

1.4.1-r0

1.4.3-r0

1.4.5-r0

1.5.0-r0

1.5.4-r0

1.5.5-r0

1.6.1-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.7.0-r0

1.7.1-r0

1.7.2-r0

1.8.0-r0

1.8.2-r0

1.8.4-r0

1.9.2-r0

1.9.2-r1

1.9.3-r0

1.9.3-r1

1.9.4-r0

2.*

2.0.0.2-r0

2.0.0.2-r1

2.0.1.0-r1

2.1.0.0-r0

2.1.1.0-r0

2.1.2.0-r0

2.2.0.0-r0

2.2.1.0-r0

2.2.1.0-r1

2.2.2.0-r0

2.3.0.0-r0

2.3.0.0-r1

2.3.1.0-r0

2.3.2.0-r0

2.4.0.0-r0

2.4.1.0-r0

2.4.2.0-r0

2.4.3.0-r0

2.5.0-r0

2.5.2-r0

2.5.4-r0

2.5.5-r0

2.6.0-r0

2.6.1-r0

2.6.3-r0

2.7.0-r0

2.7.0-r1

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

0a07068054090d5b78b27496aa251be74c484b45

Fixed

81879e97925921da225e0fd6010516f765d18d86

Affected versions

v2.*

v2.7.0

v2.7.1

v2.7.2

v2.7.3