CVE-2018-16859

CVSS v4.0

6.7

Medium

Vector

AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Ansible Engine versions prior to 2.9

Description The issue allows for 'become' passwords to appear in EventLogs in plaintext when executing Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled. A local user with administrator privileges can view these logs and discover the plaintext password.

Recommendations For Ansible Engine versions prior to 2.9, consider disabling PowerShell ScriptBlock logging and Module logging as a temporary workaround to prevent plaintext passwords from being logged. Restrict access to EventLogs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

ALT-PU-2018-2823

ALT-PU-2019-2615

ALT-PU-2020-1490

CVE-2018-16859

GHSA-V735-2PP6-H86R

OPENSUSE-SU-2019:0238-1

OPENSUSE-SU-2019:1125-1

OPENSUSE-SU-2019:1635-1

OPENSUSE-SU-2019:1858-1

OPENSUSE-SU-2019_1635-1

OPENSUSE-SU-2024:10615-1

OPENSUSE-SU-2024:14244-1

OPENSUSE-SU-2024:14536-1

OPENSUSE-SU-2025:15605-1

OPENSUSE-SU-2025:15753-1

OPENSUSE-SU-2026:10944-1

PYSEC-2018-60

RHSA-2018:3770

RHSA-2018:3771

RHSA-2018:3772

RHSA-2018:3773

SUSE-SU-2020:3309-1

Affected Products

Alt Linux

Ansible Engine

Suse

CVE-2018-16859

Weakness Enumeration

Related Identifiers

Affected Products

References · 164