CVE-2018-10855 Vulnerability Details

  /     /     /  

CVE-2018-10855 Metadata Quick Info

CVE Published: 02/07/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: redhat | Vendor: [UNKNOWN] | Product: ansible
Status : PUBLISHED

---

CVE-2018-10855 Description

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532
Source: [UNKNOWN]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).