CVE-2018-16859
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
4.4
MEDIUM
CVSS 3.1
EPSS 0.09%
Description
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
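The practical check for this advisory, as an added example that is not part of the advisory text or of the Ansible project's own code: on a Windows host that Ansible manages, confirm whether ScriptBlock and Module logging are switched on (the Group Policy values under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell`), then search the `Microsoft-Windows-PowerShell/Operational` log (event IDs 4104 and 4103) for the become password values you actually use. `$BecomePasswords` is a placeholder you must fill in, and the function names are this example's own. It must be run elevated, since only administrators can read that log.

```powershell
# Added example for CVE-2018-16859 (not advisory or Ansible project code).
# Assumptions: run from an elevated PowerShell session on the managed host;
# $BecomePasswords holds the real become password(s) to search for.

$BecomePasswords = @('REPLACE-WITH-YOUR-BECOME-PASSWORD')   # constructed placeholder
$LogName    = 'Microsoft-Windows-PowerShell/Operational'
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-LoggingPolicyState {
    # Group Policy writes these values; a missing key means "not configured",
    # which leaves the corresponding logging off.
    $sb  = Get-ItemProperty -Path "$PolicyRoot\ScriptBlockLogging" -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    $mod = Get-ItemProperty -Path "$PolicyRoot\ModuleLogging"      -Name EnableModuleLogging      -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ScriptBlockLogging = [bool]($sb.EnableScriptBlockLogging -eq 1)
        ModuleLogging      = [bool]($mod.EnableModuleLogging -eq 1)
    }
}

function Find-LeakedBecomePassword {
    param(
        [Parameter(Mandatory)] [string[]] $Secrets,
        [int] $MaxEvents = 50000
    )
    # 4104 = script block text, 4103 = module/pipeline logging; on vulnerable
    # Ansible versions either can carry the become wrapper with the password.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 4103, 4104 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($evt in $events) {
        $text = $evt.Message   # rendered message; for 4104 the script text is also Properties[2]
        foreach ($secret in $Secrets) {
            if ($text -and $text.Contains($secret)) {
                $sbId = $null
                if ($evt.Id -eq 4104 -and $evt.Properties.Count -gt 3) {
                    $sbId = $evt.Properties[3].Value   # ScriptBlockId ties fragments together
                }
                [pscustomobject]@{
                    TimeCreated   = $evt.TimeCreated
                    Id            = $evt.Id
                    RecordId      = $evt.RecordId
                    ScriptBlockId = $sbId
                }
            }
        }
    }
}

$state = Get-LoggingPolicyState
"ScriptBlock logging: $($state.ScriptBlockLogging); Module logging: $($state.ModuleLogging)"

$hits = @(Find-LeakedBecomePassword -Secrets $BecomePasswords)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    Write-Warning "Become password found in $($hits.Count) event(s)."
    Write-Warning "Rotate the password first, upgrade Ansible, then clear the log with:"
    Write-Warning "  wevtutil cl `"$LogName`"   (archive or forward the events first if you need them)"
} else {
    'No plaintext become password found in the PowerShell Operational log.'
}
```

Two caveats. Large script blocks are logged as several 4104 fragments sharing one ScriptBlockId, so a secret can straddle a fragment boundary; if the scan is clean but the wrapper is large, join the fragments by ScriptBlockId before searching. And if the host forwards its PowerShell Operational log to a collector or SIEM, the password is there too, so clearing the local log is not the end of the clean-up; rotating the password is.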
How to fix CVE-2018-16859
To remediate CVE-2018-16859, upgrade the affected package to a fixed version below.
- —upgrade to 2.7.3-r0 or later
- —upgrade to 2.7.3 or later
- —upgrade to 2.7.4 or later
Is CVE-2018-16859 being exploited?
Low. EPSS is 0.09%, the model's estimated probability of exploitation in the wild over the next 30 days. Note that the score reflects the local, administrator-only access the CVSS vector describes; it does not capture the downstream risk if the leaked become password is reused elsewhere or the event log is forwarded to a central collector.
Affected packages (3)
- from 0, < 2.7.3-r0
- >= 2.7.0a1, < 2.7.3
- >= 2.7.0, < 2.7.4, >= 2.7.5, < 2.8.1, from 0, < 2.5.13, >= 2.6.0, < 2.6.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM (4.4) | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |