CVE-2018-10855 MEDIUM

CVE-2018-10855

Vendor [Unknown]
Product ansible
Weakness CWE-532 · Sensitive info in logs
Published July 2, 2018
Last update August 5, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Key dates

02Disclosure timeline

July 2, 2018 CVE published
August 5, 2024 Record updated