Description
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Report
Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3 ship the affected version of ansible, but they no longer maintain their own version of ansible. Both products will consume fixes directly from the ansible repository.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ansible | Affected | | |
| Red Hat Ceph Storage 3 | ansible | Affected | | |
| Red Hat OpenShift Enterprise 3 | ansible | Not affected | | |
| Red Hat Quickstart Cloud Installer 1 | ansible | Will not fix | | |
| Red Hat Satellite 6 | ansible | Will not fix | | |
| Red Hat Storage 3 | ansible | Affected | | |
| CloudForms Management Engine 5.9 | ansible | Fixed | RHSA-2018:2184 | 12.07.2018 |
| CloudForms Management Engine 5.9 | ansible-tower | Fixed | RHSA-2018:2184 | 12.07.2018 |
| CloudForms Management Engine 5.9 | cfme | Fixed | RHSA-2018:2184 | 12.07.2018 |
| CloudForms Management Engine 5.9 | cfme-amazon-smartstate | Fixed | RHSA-2018:2184 | 12.07.2018 |
Additional information
Status:
5.9 Medium
CVSS3
Related vulnerabilities
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Ansible exposes sensitive data in log files and on the terminal
A vulnerability in the Ansible configuration management system, related to incorrect handling of the no_log option, that allows an attacker to gain unauthorized access to information
5.9 Medium
CVSS3