CVE-2018-10855 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-10855 Interim 1 23 2023-09-07T00:37:03Z current 2021-05-30T14:12:56Z 2023-09-07T00:37:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-10855 Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-December/004967.html E-Mail link for SUSE-SU-2018:4130-1 https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00057.html E-Mail link for openSUSE-SU-2019:0238-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 HPE Helion OpenStack Cloud 8 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Manager Client Tools Beta for SLE 15 SUSE Manager Client Tools for SLE 15 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE Package Hub 15 openSUSE Tumbleweed ansible ansible-2.4.6.0-3.3.1 ansible-2.7.6-bp150.3.3.1 ansible-2.9.24-1.2 ansible-2.9.9-11.8.1 ansible-doc-2.9.24-1.2 ansible-test-2.9.24-1.2 ansible1 python-coverage-3.6-0.11.2.1 python-passlib-1.6.1-0.3.2.1 ansible-2.4.6.0-3.3.1 as a component of HPE Helion OpenStack 8 ansible-2.9.9-11.8.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA python-coverage-3.6-0.11.2.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA python-passlib-1.6.1-0.3.2.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA ansible-2.4.6.0-3.3.1 as a component of SUSE OpenStack Cloud 8 ansible-2.4.6.0-3.3.1 as a component of SUSE OpenStack Cloud Crowbar 8 ansible-2.7.6-bp150.3.3.1 as a component of SUSE Package Hub 15 ansible-2.9.24-1.2 as a component of openSUSE Tumbleweed ansible-doc-2.9.24-1.2 as a component of openSUSE Tumbleweed ansible-test-2.9.24-1.2 as a component of openSUSE Tumbleweed ansible1 as a component of HPE Helion OpenStack 8 ansible as a component of HPE Helion OpenStack Cloud 8 ansible as a component of SUSE Manager Client Tools Beta for SLE 15 ansible as a component of SUSE Manager Client Tools for SLE 15 ansible as a component of SUSE OpenStack Cloud 7 ansible1 as a component of SUSE OpenStack Cloud 8 Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. CVE-2018-10855 HPE Helion OpenStack 8:ansible-2.4.6.0-3.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:ansible-2.9.9-11.8.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:python-coverage-3.6-0.11.2.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:python-passlib-1.6.1-0.3.2.1 SUSE OpenStack Cloud 8:ansible-2.4.6.0-3.3.1 SUSE OpenStack Cloud Crowbar 8:ansible-2.4.6.0-3.3.1 SUSE Package Hub 15:ansible-2.7.6-bp150.3.3.1 openSUSE Tumbleweed:ansible-2.9.24-1.2 openSUSE Tumbleweed:ansible-doc-2.9.24-1.2 openSUSE Tumbleweed:ansible-test-2.9.24-1.2 HPE Helion OpenStack 8:ansible1 SUSE Manager Client Tools Beta for SLE 15:ansible SUSE Manager Client Tools for SLE 15:ansible SUSE OpenStack Cloud 7:ansible SUSE OpenStack Cloud 8:ansible1 HPE Helion OpenStack Cloud 8:ansible moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N