PT-2018-13775 · Ansible+2 · Ansible Engine+2

Nitzmahone

·

Publicado

2018-11-29

·

Atualizado

2026-06-03

·

CVE-2018-16859

CVSS v4.0

6.7

Média

VetorAV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Ansible Engine versions prior to 2.9
Description The issue allows for 'become' passwords to appear in EventLogs in plaintext when executing Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled. A local user with administrator privileges can view these logs and discover the plaintext password.
Recommendations For Ansible Engine versions prior to 2.9, consider disabling PowerShell ScriptBlock logging and Module logging as a temporary workaround to prevent plaintext passwords from being logged. Restrict access to EventLogs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

ALT-PU-2018-2823
ALT-PU-2019-2615
ALT-PU-2020-1490
CVE-2018-16859
GHSA-V735-2PP6-H86R
OPENSUSE-SU-2019:0238-1
OPENSUSE-SU-2019:1125-1
OPENSUSE-SU-2019:1635-1
OPENSUSE-SU-2019:1858-1
OPENSUSE-SU-2019_1635-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
OPENSUSE-SU-2026:10944-1
PYSEC-2018-60
RHSA-2018:3770
RHSA-2018:3771
RHSA-2018:3772
RHSA-2018:3773
SUSE-SU-2020:3309-1

Produtos afetados

Alt Linux
Ansible Engine
Suse