Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-11-29T17:00:00

Updated: 2024-08-05T10:32:54.246Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16859

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-11-29T18:29:00.537

Modified: 2019-04-03T09:29:00.993

Link: CVE-2018-16859

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-16T00:00:00Z

Links: CVE-2018-16859 - Bugzilla