|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-16859
|Vulnerable software versions||
|Vendor URL||Red Hat Inc.|
The vulnerability allows a local attacker with administrative privileges to obtain potentially sensitive information.
The vulnerability exists due to the plaintext exposure of “become” passwords when Ansible playbooks are executed on a Windows system with PowerShell scriptblock logging and module logging. A local attacker can discover the plaintext password that can be used to conduct further attacks.Remediation
The vulnerability has been fixed in the versions 2.5.13, 2.6.10, 2.7.4.External links