Main Vulnerability Database SB2018061605

SB2018061605 - Fedora EPEL 7 update for ansible

Published: June 16, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018061605

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2018-10855)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper honor of the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fa11f61de0