Vulnerabilities > CVE-2018-10855 - Information Exposure Through Log Files vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fuzzing and observing application log data/errors for application mapping An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2079.NASL description Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-02 modified 2018-07-03 plugin id 110885 published 2018-07-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110885 title RHEL 7 : Virtualization Manager (RHSA-2018:2079) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:2079. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(110885); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2018-10855"); script_xref(name:"RHSA", value:"2018:2079"); script_name(english:"RHEL 7 : Virtualization Manager (RHSA-2018:2079)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: imgbased (1.0.20), redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). (BZ#1590664) Security Fix(es) : * ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting this issue. Bug Fix(es) : * Previously, if systems were configured to skip Logical Volume Manager (LVM) clusters, imgbased sees output that is unrelated to the Logical Volumes that are being queried. As a result, imgbased failed to parse the output, causing Red Hat Virtualization Host updates to fail. In this release imgbased now ignores output from skipped clusters enabling imgbased LVM commands to return successfully. (BZ#1568414) Enhancement(s) : * Starting from version 4.0, Red Hat Virtualization Hosts could not be deployed from Satellite, and therefore could not take advantage of Satellite's tooling features. In this release, Red Hat Virtualization Hosts can now be deployed from Satellite 6.3.2 and later. (BZ#1484532)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2079" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-10855" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:imgbased"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-imgbased"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:2079"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL7", rpm:"redhat-virtualization-host-4.2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Virtualization 4"); if (rpm_check(release:"RHEL7", reference:"imgbased-1.0.20-0.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"python-imgbased-1.0.20-0.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redhat-release-virtualization-host-4.2-4.3.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-4.2-20180622.0.el7_5")) flag++; if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-placeholder-4.2-4.3.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imgbased / python-imgbased / redhat-release-virtualization-host / etc"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4396.NASL description Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : - CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn last seen 2020-05-31 modified 2019-02-20 plugin id 122321 published 2019-02-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122321 title Debian DSA-4396-1 : ansible - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4396. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(122321); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26"); script_cve_id("CVE-2018-10855", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-3828"); script_xref(name:"DSA", value:"4396"); script_name(english:"Debian DSA-4396-1 : ansible - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system : - CVE-2018-10855/ CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak. - CVE-2018-10875 ansible.cfg was read from the current working directory. - CVE-2018-16837 The user module leaked parameters passed to ssh-keygen to the process environment. - CVE-2019-3828 The fetch module was susceptible to path traversal." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-10855" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-16876" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-10875" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-16837" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-3828" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ansible" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/ansible" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4396" ); script_set_attribute( attribute:"solution", value: "Upgrade the ansible packages. For the stable distribution (stretch), these problems have been fixed in version 2.2.1.0-2+deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ansible"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"ansible", reference:"2.2.1.0-2+deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4072-1.NASL description It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2019-07-25 plugin id 127043 published 2019-07-25 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127043 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4072-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(127043); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26"); script_cve_id("CVE-2017-7481", "CVE-2018-10855", "CVE-2018-10874", "CVE-2018-10875", "CVE-2018-16837", "CVE-2018-16876", "CVE-2019-10156", "CVE-2019-3828"); script_xref(name:"USN", value:"4072-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : ansible vulnerabilities (USN-4072-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. (CVE-2017-7481) (CVE-2018-10855) (CVE-2018-16837) (CVE-2018-16876) (CVE-2019-10156) It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. (CVE-2018-10874) (CVE-2018-10875) It was discovered that Ansible fetch module had a path traversal vulnerability. A local attacker could copy and overwrite files outside of the specified destination. (CVE-2019-3828). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4072-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected ansible package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10875"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ansible"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"ansible", pkgver:"2.0.0.2-2ubuntu1.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"ansible", pkgver:"2.5.1+dfsg-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"ansible", pkgver:"2.7.8+dfsg-1ubuntu0.19.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible"); }NASL family Fedora Local Security Checks NASL id FEDORA_2018-B619637E45.NASL description Update to 2.5.5 bugfix/security release See https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst for full changes. Fixes CVE-2018-10855 ---- Update to 2.5.3 with bugfixes. https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-06-25 plugin id 110670 published 2018-06-25 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110670 title Fedora 27 : ansible (2018-b619637e45) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-b619637e45. # include("compat.inc"); if (description) { script_id(110670); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10855"); script_xref(name:"FEDORA", value:"2018-b619637e45"); script_name(english:"Fedora 27 : ansible (2018-b619637e45)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 2.5.5 bugfix/security release See https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst for full changes. Fixes CVE-2018-10855 ---- Update to 2.5.3 with bugfixes. https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-b619637e45" ); # https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?90676460" ); script_set_attribute( attribute:"solution", value:"Update the affected ansible package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ansible"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"ansible-2.5.5-2.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2022.NASL description An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.4.5) Security fix(es) : * ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855) Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues. Bug Fix(es) : * Fixed win_copy to preserve the global Ansible local tmp path instead of deleting it when dealing with multiple files (https://github.com/ansible/ansible/pull/37964) * Fixed Windows setup.ps1 for slow performance in large domain environments (https://github.com/ansible/ansible/pull/38646) * Fixed eos_logging idempotency issue when trying to set both logging destination & facility (https://github.com/ansible/ansible/pull/40604) * Fixed ios_logging idempotency issue when trying to set both logging destination & facility (https://github.com/ansible/ansible/pull/41076) See https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release. last seen 2020-06-02 modified 2018-06-29 plugin id 110794 published 2018-06-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110794 title RHEL 7 : ansible (RHSA-2018:2022) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:2022. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(110794); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2018-10855"); script_xref(name:"RHSA", value:"2018:2022"); script_name(english:"RHEL 7 : ansible (RHSA-2018:2022)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for ansible is now available for Red Hat Ansible Engine 2.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.4.5) Security fix(es) : * ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855) Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues. Bug Fix(es) : * Fixed win_copy to preserve the global Ansible local tmp path instead of deleting it when dealing with multiple files (https://github.com/ansible/ansible/pull/37964) * Fixed Windows setup.ps1 for slow performance in large domain environments (https://github.com/ansible/ansible/pull/38646) * Fixed eos_logging idempotency issue when trying to set both logging destination & facility (https://github.com/ansible/ansible/pull/40604) * Fixed ios_logging idempotency issue when trying to set both logging destination & facility (https://github.com/ansible/ansible/pull/41076) See https://github.com/ansible/ansible/blob/v2.4.5.0-1/CHANGELOG.md for details on this release." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2022" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-10855" ); script_set_attribute( attribute:"solution", value:"Update the affected ansible and / or ansible-doc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:2022"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.4"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.4"); if (rpm_check(release:"RHEL7", reference:"ansible-2.4.5.0-1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"ansible-doc-2.4.5.0-1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1949.NASL description An update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.5) Security fix(es) : * ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855) Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues. Bug Fix(es) : * Changed the admin_users config option to not include last seen 2020-06-02 modified 2018-06-22 plugin id 110654 published 2018-06-22 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110654 title RHEL 7 : ansible (RHSA-2018:1949) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:1949. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(110654); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2018-10855"); script_xref(name:"RHSA", value:"2018:1949"); script_name(english:"RHEL 7 : ansible (RHSA-2018:1949)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for ansible is now available for Red Hat Ansible Engine 2.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.5.5) Security fix(es) : * ansible: Ansible through version 2.5 does not properly honour the no_log option with failed task iterations. When a list of secret items is supplied to a task and a task iteration fails, secrets can be disclosed in logs despite the no_log option being enabled. (CVE-2018-10855) Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues. Bug Fix(es) : * Changed the admin_users config option to not include 'admin' by default as admin is frequently used for a non-privileged account (https://github.com/ansible/ansible/pull/41164) * aws_s3 - add async support to the action plugin (https://github.com/ansible/ansible/pull/40826) * aws_s3 - fix decrypting vault files (https://github.com/ansible/ansible/pull/39634) * ec2_ami - cast the device_mapping volume size to an int (https://github.com/ansible/ansible/pull/40938) * eos_logging - fix idempotency issues (https://github.com/ansible/ansible/pull/40604) * cache plugins - a cache timeout of 0 means the cache will not expire. * ios_logging - fix idempotency issues (https://github.com/ansible/ansible/pull/41029) * ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff (https://github.com/ansible/ansible/pull/41400) * nxos_banner - fix multiline banner issue (https://github.com/ansible/ansible/pull/41026). * nxos terminal plugin - fix output truncation (https://github.com/ansible/ansible/pull/40960) * nxos_l3_interface - fix no switchport issue with loopback and svi interfaces (https://github.com/ansible/ansible/pull/37392). * nxos_snapshot - fix compare_option (https://github.com/ansible/ansible/pull/41386) See https://github.com/ansible/ansible/blob/v2.5.5/changelogs/CHANGELOG-v2 .5.rst for details on this release." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:1949" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-10855" ); script_set_attribute( attribute:"solution", value:"Update the affected ansible and / or ansible-doc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:1949"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL7", rpm:"ansible-2.5"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Ansible 2.5"); if (rpm_check(release:"RHEL7", reference:"ansible-2.5.5-1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"ansible-doc-2.5.5-1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc"); } }NASL family Fedora Local Security Checks NASL id FEDORA_2018-1A6E6196B9.NASL description Update to 2.5.5 bugfix/security release See https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst for full changes. Fixes CVE-2018-10855 ---- Update to 2.5.3 with bugfixes. https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELO G-v2.5.rst Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120260 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120260 title Fedora 28 : ansible (2018-1a6e6196b9)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
- https://access.redhat.com/errata/RHSA-2018:2079
- https://access.redhat.com/errata/RHSA-2018:2022
- https://access.redhat.com/errata/RHSA-2018:1949
- https://access.redhat.com/errata/RHSA-2018:1948
- https://access.redhat.com/errata/RHSA-2018:2184
- https://access.redhat.com/errata/RHSA-2018:2585
- https://access.redhat.com/errata/RHBA-2018:3788
- https://access.redhat.com/errata/RHSA-2019:0054
- https://www.debian.org/security/2019/dsa-4396
- https://usn.ubuntu.com/4072-1/