pysec-2019-141
Vulnerability from pysec
Published
2019-01-03 15:29
Modified
2021-06-10 06:51
Details
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "ansible", "purl": "pkg:pypi/ansible" }, "ranges": [ { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.14" }, { "introduced": "2.6.0" }, { "fixed": "2.6.11" }, { "introduced": "2.7.0" }, { "fixed": "2.7.5" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.5.0", "2.5.1", "2.5.10", "2.5.11", "2.5.12", "2.5.13", "2.5.2", "2.5.3", "2.5.4", "2.5.5", "2.5.6", "2.5.7", "2.5.8", "2.5.9", "2.6.0", "2.6.1", "2.6.10", "2.6.2", "2.6.3", "2.6.4", "2.6.5", "2.6.6", "2.6.7", "2.6.8", "2.6.9", "2.7.0", "2.7.1", "2.7.2", "2.7.3", "2.7.4" ] } ], "aliases": [ "CVE-2018-16876" ], "details": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.", "id": "PYSEC-2019-141", "modified": "2021-06-10T06:51:54.692225Z", "published": "2019-01-03T15:29:00Z", "references": [ { "type": "WEB", "url": "https://github.com/ansible/ansible/pull/49569" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:3838" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:3837" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:3836" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2018:3835" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/106225" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2019/dsa-4396" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:0564" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:0590" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4072-1/" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.