{ "threat_severity" : "Moderate", "public_date" : "2018-12-07T00:00:00Z", "bugzilla" : { "description" : "ansible: Information disclosure in vvv+ mode with no_log on", "id" : "1657330", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1657330" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data." ], "affected_release" : [ { "product_name" : "Red Hat Ansible Engine 2.5 for RHEL 7", "release_date" : "2018-12-18T00:00:00Z", "advisory" : "RHSA-2018:3835", "cpe" : "cpe:/a:redhat:ansible_engine:2.5::el7", "package" : "ansible-0:2.5.14-1.el7ae" }, { "product_name" : "Red Hat Ansible Engine 2.6 for RHEL 7", "release_date" : "2018-12-18T00:00:00Z", "advisory" : "RHSA-2018:3836", "cpe" : "cpe:/a:redhat:ansible_engine:2.6::el7", "package" : "ansible-0:2.6.11-1.el7ae" }, { "product_name" : "Red Hat Ansible Engine 2.7 for RHEL 7", "release_date" : "2018-12-18T00:00:00Z", "advisory" : "RHSA-2018:3837", "cpe" : "cpe:/a:redhat:ansible_engine:2.7::el7", "package" : "ansible-0:2.7.5-1.el7ae" }, { "product_name" : "Red Hat Ansible Engine 2 for RHEL 7", "release_date" : "2018-12-18T00:00:00Z", "advisory" : "RHSA-2018:3838", "cpe" : "cpe:/a:redhat:ansible_engine:2::el7", "package" : "ansible-0:2.7.5-1.el7ae" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "ansible-0:2.6.11-1.el7ae" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "openstack-ec2-api-0:6.0.1-0.20181123223255.1e25260.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "openstack-manila-1:6.0.2-5.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "openstack-selinux-0:0.8.17-2.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "openstack-tempest-1:18.0.0-6.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "os-apply-config-0:8.3.1-0.20180831234255.be699ba.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-barbicanclient-0:4.6.0-2.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-docker-0:2.4.2-2.el7" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-heat-tests-tempest-0:0.1.1-0.20180514163845.9d99219.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-novajoin-0:1.0.22-1.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-openstackclient-0:3.14.3-2.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-openstacksdk-0:0.11.3-2.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "python-vmware-nsxlib-0:12.0.4-3.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)", "release_date" : "2019-03-14T00:00:00Z", "advisory" : "RHSA-2019:0564", "cpe" : "cpe:/a:redhat:openstack:13::el7", "package" : "rhosp-release-0:13.0.5-1.el7ost" }, { "product_name" : "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date" : "2019-03-18T00:00:00Z", "advisory" : "RHSA-2019:0590", "cpe" : "cpe:/a:redhat:openstack:14::el7", "package" : "ansible-0:2.6.11-1.el7ae" } ], "package_state" : [ { "product_name" : "CloudForms Management Engine 5", "fix_state" : "Not affected", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5" }, { "product_name" : "Red Hat Ansible Tower 3", "fix_state" : "Not affected", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:ansible_tower:3" }, { "product_name" : "Red Hat Ceph Storage 2", "fix_state" : "Affected", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:ceph_storage:2" }, { "product_name" : "Red Hat Ceph Storage 3", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:ceph_storage:3" }, { "product_name" : "Red Hat OpenShift Container Platform 3.2", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openshift:3.2" }, { "product_name" : "Red Hat OpenShift Container Platform 3.3", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openshift:3.3" }, { "product_name" : "Red Hat OpenShift Container Platform 3.4", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openshift:3.4" }, { "product_name" : "Red Hat OpenShift Container Platform 3.5", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openshift:3.5" }, { "product_name" : "Red Hat OpenShift Container Platform 3.6", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openshift:3.6" }, { "product_name" : "Red Hat OpenShift Container Platform 3.7", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openshift:3.7" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Out of support scope", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "ansible", "cpe" : "cpe:/a:redhat:storage:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-16876\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16876\nhttps://github.com/ansible/ansible/pull/49569" ], "name" : "CVE-2018-16876", "csaw" : false }