VDB
PYSEC-2019-141
PYSEC-2019-141
PUBLISHED
CVSS 8.699999809265137 HIGH
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | ansible | 2.5.0, 2.6.0, 2.7.0 |
Timeline
- Jan 3, 2019 CVE Published
- Apr 22, 2024 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876 report
- http://www.securityfocus.com/bid/106225 url
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html url
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html url
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html url
- https://github.com/ansible/ansible/pull/49569 fix
- https://access.redhat.com/errata/RHSA-2018:3838 advisory
- https://access.redhat.com/errata/RHSA-2018:3837 advisory
- https://access.redhat.com/errata/RHSA-2018:3836 advisory
- https://access.redhat.com/errata/RHSA-2018:3835 advisory
- https://www.debian.org/security/2019/dsa-4396 advisory
- https://access.redhat.com/errata/RHSA-2019:0564 advisory
- https://access.redhat.com/errata/RHSA-2019:0590 advisory
- https://usn.ubuntu.com/4072-1/ advisory