Medium severity 5.9 · NVD Advisory · Published Jul 3, 2018 · Updated Jun 17, 2026
CVE-2018-10855
Description
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ansible (PyPI) | >= 2.5.0a1, < 2.5.5 | 2.5.5 |
| ansible (PyPI) | >= 2.4.0.0, < 2.4.5.0 | 2.4.5.0 |
Affected products
ghsa-coords, 10 versions:
- pkg:pypi/ansible (no CPE), range: >= 2.5.0a1, < 2.5.5
- pkg:rpm/opensuse/ansible-10&distro=openSUSE%20Tumbleweed (no CPE), range: < 10.6.0-1.1
- pkg:rpm/opensuse/ansible-11&distro=openSUSE%20Tumbleweed (no CPE), range: < 11.11.0-1.1
- pkg:rpm/opensuse/ansible-12&distro=openSUSE%20Tumbleweed (no CPE), range: < 12.2.0-1.1
- pkg:rpm/opensuse/ansible-13&distro=openSUSE%20Tumbleweed (no CPE), range: < 13.7.0-1.1
- pkg:rpm/opensuse/ansible-9&distro=openSUSE%20Tumbleweed (no CPE), range: < 9.8.0-1.1
- pkg:rpm/suse/ansible&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 2.4.6.0-3.3.1
- pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 2.4.6.0-3.3.1
- pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 2.4.6.0-3.3.1
- pkg:rpm/suse/ansible&distro=SUSE%20Package%20Hub%2015 (no CPE), range: < 2.7.6-bp150.3.3.1
References
- access.redhat.com/errata/RHBA-2018:3788 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2018:1948 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2018:1949 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2018:2022 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2018:2079 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2018:2184 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2018:2585 (nvd; Vendor Advisory; WEB)
- access.redhat.com/errata/RHSA-2019:0054 (nvd; Vendor Advisory; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking; Vendor Advisory; WEB)
- github.com/advisories/GHSA-jwcc-j78w-j73w (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-10855 (ghsa; ADVISORY)
- usn.ubuntu.com/4072-1/ (nvd; Third Party Advisory)
- www.debian.org/security/2019/dsa-4396 (nvd; Third Party Advisory; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml (ghsa; WEB)
- usn.ubuntu.com/4072-1 (ghsa; WEB)