CVE-2018-16859
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 4.2 | EPSS 0.5% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
29 Nov 2018: Published in NVD
Recommendation: Monitor (no sign of exploitation at this time).
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Affected products
Red Hat · ansible
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
https://access.redhat.com/errata/RHSA-2018:3770
https://access.redhat.com/errata/RHSA-2018:3771
https://access.redhat.com/errata/RHSA-2018:3772
https://access.redhat.com/errata/RHSA-2018:3773
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859
https://github.com/ansible/ansible/pull/49142
http://www.securityfocus.com/bid/106004