Main Vulnerability Database SB2018061913

SB2018061913 - Red Hat Ansible Engine 2.5 for RHEL 7 update for ansible

Published: June 19, 2018

Security Bulletin ID SB2018061913

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2018-10855)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper honor of the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2018:1949