PT-2018-2518 · Red Hat+4 · Ansible+4

Published: 2018-12-06 · Updated: 2025-11-21 · CVE-2018-16876

CVSS v4.0: 8.2 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ansible versions prior to 2.5.14
Ansible versions prior to 2.6.11
Ansible versions prior to 2.7.5

Description

The issue is an information disclosure flaw in vvv+ mode with no_log on, which can lead to the leakage of sensitive data. This flaw allows a remote attacker to gain unauthorized access to information.

Recommendations

For versions prior to 2.5.14, update to version 2.5.14 or later to resolve the issue.
For versions prior to 2.6.11, update to version 2.6.11 or later to resolve the issue.
For versions prior to 2.7.5, update to version 2.7.5 or later to resolve the issue.
As a temporary workaround, consider disabling the vvv+ mode until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1273
BDU:2019-00889
CVE-2018-16876
DSA-4396-1
GHSA-J569-FGHW-F9RX
MGASA-2019-0023
OPENSUSE-SU-2019:0238-1
OPENSUSE-SU-2019:1125-1
OPENSUSE-SU-2019:1635-1
OPENSUSE-SU-2019:1858-1
OPENSUSE-SU-2019_1635-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
PYSEC-2019-141
RHSA-2018:3835
RHSA-2018:3836
RHSA-2018:3837
RHSA-2018:3838
RHSA-2019:0564
RHSA-2019:0590
SUSE-SU-2020:3309-1
USN-4072-1

Affected Products

Alt Linux
Ansible
Ansible-Core
Suse
Ubuntu