Описание
Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive (information may not be sanitized properly).
Отчет
Ansible Security Team and Red Hat Product Security determined that this is not a vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ansible | Under investigation | ||
| Red Hat OpenShift Enterprise 3 | ansible | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | ansible | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | ansible | Will not fix | ||
| Red Hat Storage 3 | ansible | Will not fix | ||
| Red Hat Storage Console 2 | ansible | Will not fix |
Показывать по
Дополнительная информация
4.7 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none.
4.7 Medium
CVSS3