Red Hat · Ansible · CVE-2018-10855
**Name of the Vulnerable Software and Affected Versions**
Ansible versions 2.4 through 2.4.4
Ansible versions 2.5 through 2.5.4
**Description**
The issue is related to the incorrect handling of the `no log` option in Ansible, which is designed to prevent task logging. When a task fails, sensitive data may be displayed in event logs and on the user's terminal, allowing a remote attacker to gain unauthorized access to information.
**Recommendations**
For Ansible versions 2.4 through 2.4.4, update to version 2.4.5 or later.
For Ansible versions 2.5 through 2.5.4, update to version 2.5.5 or later.