CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ansible_engine:2.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

History

04 Aug 2021, 17:15

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openstack:14.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*

Information

Published : 2019-01-03 15:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-16876

Mitre link : CVE-2018-16876

CVE.ORG link : CVE-2018-16876


JSON object : View

Products Affected

debian

  • debian_linux

redhat

  • ansible_engine
  • openstack
  • ansible
  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_desktop

suse

  • package_hub
  • linux_enterprise

canonical

  • ubuntu_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor