Required CVE Record Information
Description
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 5.9 | MEDIUM | 3.0 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
References 11 Total
- access.redhat.com: RHSA-2018:1949 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
- access.redhat.com: RHBA-2018:3788 vendor-advisory
- access.redhat.com: RHSA-2018:1948 vendor-advisory
- access.redhat.com: RHSA-2018:2184 vendor-advisory
- access.redhat.com: RHSA-2018:2022 vendor-advisory
- access.redhat.com: RHSA-2019:0054 vendor-advisory
- access.redhat.com: RHSA-2018:2079 vendor-advisory
- access.redhat.com: RHSA-2018:2585 vendor-advisory
- debian.org: DSA-4396 vendor-advisory
- usn.ubuntu.com: USN-4072-1 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 11 Total
- access.redhat.com: RHSA-2018:1949 vendor-advisoryx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855 x_transferred
- access.redhat.com: RHBA-2018:3788 vendor-advisoryx_transferred
- access.redhat.com: RHSA-2018:1948 vendor-advisoryx_transferred
- access.redhat.com: RHSA-2018:2184 vendor-advisoryx_transferred
- access.redhat.com: RHSA-2018:2022 vendor-advisoryx_transferred
- access.redhat.com: RHSA-2019:0054 vendor-advisoryx_transferred
- access.redhat.com: RHSA-2018:2079 vendor-advisoryx_transferred
- access.redhat.com: RHSA-2018:2585 vendor-advisoryx_transferred
- debian.org: DSA-4396 vendor-advisoryx_transferred
- usn.ubuntu.com: USN-4072-1 vendor-advisoryx_transferred