QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-16837

Back to search

CVE-2018-16837

Published: Oct 23, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

7.8

HIGH

Description

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

VendorProductVersions

[UNKNOWN]

Ansible

affected
n/a

Weaknesses (CWE)

CWE-214

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

RHSA-2018:3460
vendor-advisory
x_refsource_REDHAT
105700
vdb-entry
x_refsource_BID
RHSA-2018:3462
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3505
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3463
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3461
vendor-advisory
x_refsource_REDHAT
DSA-4396
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2019:1125
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1635
vendor-advisory
x_refsource_SUSE
USN-4072-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2019:1858
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now