2.1
CVSSv2

CVE-2018-16837

Published: 23/10/2018 Updated: 03/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ansible engine 2.0

redhat ansible engine 2.5

redhat ansible engine 2.6

redhat ansible engine 2.7

redhat ansible tower 3.3.0

debian debian linux 8.0

debian debian linux 9.0

suse package_hub -

Vendor Advisories

Synopsis Moderate: [ansible] security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 27Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis Moderate: [ansible] security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 26Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis Moderate: [ansible] security update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 25Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis Moderate: [ansible] security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ansible is now available for Ansible Engine 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have access just to the process list ...
Debian Bug report logs - #912297 ansible: CVE-2018-16837 Package: ansible; Maintainer for ansible is Harlan Lieberman-Berg <hlieberman@debianorg>; Source for ansible is src:ansible (PTS, buildd, popcon) Reported by: Chris Lamb <lamby@debianorg> Date: Mon, 29 Oct 2018 21:54:02 UTC Severity: grave Tags: security Fo ...
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn't honored, resulting in an information leak CVE-2018-10875 ansiblecfg was read from the current working directory CVE-2018-16837 The user module leaked param ...
Several security issues were fixed in Ansible ...
Synopsis Critical: Red Hat Ansible Tower 331-2 Release - Container Image Type/Severity Security Advisory: Critical Topic Security Advisory Description Red Hat Ansible Tower 331 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4396-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff February 19, 2019 wwwdebianorg/security/faq ...