{"id":"PYSEC-2018-42","details":"Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.","aliases":["CVE-2018-10855","GHSA-jwcc-j78w-j73w"],"modified":"2023-11-01T05:29:43.052426Z","published":"2018-07-03T01:29:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2079"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2022"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1949"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1948"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2184"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2585"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2018:3788"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0054"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4396"},{"type":"WEB","url":"https://usn.ubuntu.com/4072-1/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-jwcc-j78w-j73w"}],"affected":[{"package":{"name":"ansible","ecosystem":"PyPI","purl":"pkg:pypi/ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.5"},{"fixed":"2.5.5"},{"introduced":"2.4"},{"fixed":"2.4.5.0"}]}],"versions":["2.4.0.0","2.4.1.0","2.4.2.0","2.4.3.0","2.4.4.0","2.5.0","2.5.1","2.5.2","2.5.3","2.5.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-42.yaml"}}],"schema_version":"1.7.3"}