CVE-2018-16859
Description
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for become passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
Risk Information
Base Score
4.4
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.096
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-16859 are fixed in Python-ansible 2.5.12 | Windows |
| Vulnerabilities CVE-2018-16859 are fixed in Python-ansible 2.6.9 | Windows |
| Vulnerabilities CVE-2018-16859 are fixed in Python-ansible 2.7.3 | Windows |
| Vulnerabilities CVE-2018-16859 are fixed in Python-ansible for linux 2.5.12 | Linux |
| Vulnerabilities CVE-2018-16859 are fixed in Python-ansible for linux 2.6.9 | Linux |
| Vulnerabilities CVE-2018-16859 are fixed in Python-ansible for linux 2.7.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234