Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for become passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
The product writes sensitive information to a log file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ansible_engine | Redhat | * | 2.5.13 (excluding) |
Ansible_engine | Redhat | 2.6.0 (including) | 2.6.10 (excluding) |
Ansible_engine | Redhat | 2.7.0 (including) | 2.7.4 (excluding) |
Ansible_engine | Redhat | 2.7.5 (including) | 2.8 (including) |
Red Hat Ansible Engine 2.5 for RHEL 7 | RedHat | ansible-0:2.5.13-1.el7ae | * |
Red Hat Ansible Engine 2.6 for RHEL 7 | RedHat | ansible-0:2.6.10-1.el7ae | * |
Red Hat Ansible Engine 2.7 for RHEL 7 | RedHat | ansible-0:2.7.4-1.el7ae | * |
Red Hat Ansible Engine 2 for RHEL 7 | RedHat | ansible-0:2.7.4-1.el7ae | * |