CVE-2018-16876

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-16876

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16876.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-16876

Aliases

Downstream

ALPINE-CVE-2018-16876

DEBIAN-CVE-2018-16876

DSA-4396-1

RHSA-2018:3835

RHSA-2018:3836

RHSA-2018:3837

RHSA-2018:3838

RHSA-2019:0564

RHSA-2019:0590

SUSE-SU-2020:3309-1

UBUNTU-CVE-2018-16876

USN-4072-1

openSUSE-SU-2019:0238-1

openSUSE-SU-2019:1125-1

openSUSE-SU-2019:1635-1

openSUSE-SU-2019:1858-1

openSUSE-SU-2024:10615-1

openSUSE-SU-2024:14244-1

openSUSE-SU-2024:14536-1

Related

Published

2019-01-03T15:29:01Z

Modified

2025-10-08T03:25:04.321006Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

References

Affected packages

Git / github.com/ansible/ansible

Affected ranges

Type: GIT
Repo: https://github.com/ansible/ansible
Events: Introduced

2c2dd1a1b3eca6248979e04e70afff6dd3fcf366

Fixed

208ef773653303302eac8fc03859c6adf10a5656

Affected versions

v2.*

v2.5.0

v2.5.1

v2.5.10

v2.5.11

v2.5.12

v2.5.13

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9