VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-vpzy-gc78-aaag

Essentials
Severities (142)
References (38)
Severity details (52)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-vpzy-gc78-aaag
Aliases	CVE-2018-10855 GHSA-jwcc-j78w-j73w PYSEC-2018-42
Summary	Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-532	Insertion of Sensitive Information into Log File
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	Low	http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10855.html
cvssv3.1	5.9	https://access.redhat.com/errata/RHBA-2018:3788
cvssv3.1	7.8	https://access.redhat.com/errata/RHBA-2018:3788
generic_textual	HIGH	https://access.redhat.com/errata/RHBA-2018:3788
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2018:1948
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2018:1948
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:1948
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2018:1949
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2018:1949
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:1949
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2018:2022
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2018:2022
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2022
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2018:2079
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2018:2079
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2079
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2018:2184
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2018:2184
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2184
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2018:2585
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2018:2585
rhas	Moderate	https://access.redhat.com/errata/RHSA-2018:2585
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2019:0054
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2019:0054
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:0054
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10855.json
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.01977	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02015	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02306	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02647	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.02647	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03129	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03129	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03129	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03179	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03179	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03296	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
epss	0.03857	https://api.first.org/data/v1/epss?cve=CVE-2018-10855
cvssv3.1	5.9	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
generic_textual	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
cvssv3	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.9	https://github.com/advisories/GHSA-jwcc-j78w-j73w
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-jwcc-j78w-j73w
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-jwcc-j78w-j73w
generic_textual	HIGH	https://github.com/advisories/GHSA-jwcc-j78w-j73w
cvssv3.1	5.0	https://github.com/ansible/ansible
cvssv3.1	5.9	https://github.com/ansible/ansible
generic_textual	HIGH	https://github.com/ansible/ansible
generic_textual	MODERATE	https://github.com/ansible/ansible
generic_textual	Low	https://github.com/ansible/ansible/pull/41414
cvssv3.1	5.9	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2018-10855
cvssv3	5.9	https://nvd.nist.gov/vuln/detail/CVE-2018-10855
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2018-10855
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2018-10855
cvssv3.1	4.2	https://usn.ubuntu.com/4072-1
cvssv3.1	5.9	https://usn.ubuntu.com/4072-1
generic_textual	HIGH	https://usn.ubuntu.com/4072-1
generic_textual	MODERATE	https://usn.ubuntu.com/4072-1
cvssv3.1	5.3	https://www.debian.org/security/2019/dsa-4396
cvssv3.1	5.9	https://www.debian.org/security/2019/dsa-4396
generic_textual	HIGH	https://www.debian.org/security/2019/dsa-4396
generic_textual	MODERATE	https://www.debian.org/security/2019/dsa-4396

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10855.html
		https://access.redhat.com/errata/RHBA-2018:3788
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10855.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-10855
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10855
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16837
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16876
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3828
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ansible/ansible
		https://github.com/ansible/ansible/pull/41414
		https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml
		https://usn.ubuntu.com/4072-1
		https://usn.ubuntu.com/4072-1/
		https://www.debian.org/security/2019/dsa-4396
cpe:2.3:a:redhat:ansible_engine::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine::::::::
cpe:2.3:a:redhat:ansible_engine:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_engine:2.0:::::::*
cpe:2.3:a:redhat:cloudforms:4.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*
cpe:2.3:a:redhat:openstack:10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:::::::*
cpe:2.3:a:redhat:openstack:12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:::::::*
cpe:2.3:a:redhat:openstack:13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:::::::*
cpe:2.3:a:redhat:virtualization:4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2018-10855		https://nvd.nist.gov/vuln/detail/CVE-2018-10855
GHSA-jwcc-j78w-j73w		https://github.com/advisories/GHSA-jwcc-j78w-j73w
RHBA-2018:3788		https://bugzilla.redhat.com/show_bug.cgi?id=1588855
RHSA-2018:1948		https://access.redhat.com/errata/RHSA-2018:1948
RHSA-2018:1949		https://access.redhat.com/errata/RHSA-2018:1949
RHSA-2018:2022		https://access.redhat.com/errata/RHSA-2018:2022
RHSA-2018:2079		https://access.redhat.com/errata/RHSA-2018:2079
RHSA-2018:2184		https://access.redhat.com/errata/RHSA-2018:2184
RHSA-2018:2585		https://access.redhat.com/errata/RHSA-2018:2585
RHSA-2019:0054		https://access.redhat.com/errata/RHSA-2019:0054

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHBA-2018:3788

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2018:3788

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:1948

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:1949

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:2022

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:2079

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:2184

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:2585

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:0054

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10855.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/advisories/GHSA-jwcc-j78w-j73w

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ansible/ansible

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-42.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10855

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10855

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10855

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://usn.ubuntu.com/4072-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2019/dsa-4396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2019/dsa-4396

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.72298
EPSS Score	0.00349
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.