Information Exposure Affecting ansible package, versions [,2.5.14) [2.6.0, 2.6.11) [2.7.0, 2.7.5)
Snyk CVSS
Attack Complexity
High
Threat Intelligence
EPSS
0.25% (65th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-ANSIBLE-72696
- published 18 Dec 2018
- disclosed 7 Dec 2018
- credit Unknown
Introduced: 7 Dec 2018
CVE-2018-16876 Open this link in a new tabHow to fix?
Upgrade ansible to version 2.5.14, 2.6.11, 2.7.5 or higher.
Overview
ansible is a simple IT automation system.
Affected versions of this package are vulnerable to Information Exposure.
When a retry task run with -vvv
fails, it would log the raw return code, stdout and stderr from ssh which could have contained sensitive data.