Ansible Playbooks CVE-2018-16859 Plaintext Password Information Disclosure Vulnerability

Bugtraq ID:	106004
Class:	Design Error
CVE:	CVE-2018-16859
Remote:	No
Local:	Yes
Published:	Nov 16 2018 12:00AM
Updated:	Nov 16 2018 12:00AM
Credit:	Igor Turovsky
Vulnerable:	Redhat OpenStack Platform 13.0 (Queens) Redhat OpenStack Platform 12 Redhat OpenStack Platform 10 Redhat OpenShift Container Platform 3.7 Redhat OpenShift Container Platform 3.6 Redhat OpenShift Container Platform 3.5 Redhat OpenShift Container Platform 3.4 Redhat Gluster Storage 3.0 Redhat Ceph Storage 3 Redhat Ceph Storage 2 AnsibleWorks ansible 0
Not Vulnerable:

Ansible Playbooks CVE-2018-16859 Plaintext Password Information Disclosure Vulnerability

Ansible Playbooks is prone to a local information-disclosure vulnerability.

Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.

Ansible Playbooks CVE-2018-16859 Plaintext Password Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Ansible Playbooks CVE-2018-16859 Plaintext Password Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Ansible Playbooks CVE-2018-16859 Plaintext Password Information Disclosure Vulnerability

References:

• ansible Homepage (AnsibleWorks)
  
• Bug 1649607 - (CVE-2018-16859) CVE-2018-16859 ansible: become password logged (Red Hat Bugzilla)
  
• CVE-2018-16859 (Red Hat Bugzilla)