CVE-2018-16837
Aliases:GHSA-hwrm-63v2-42g4PYSEC-2018-44
Advisory lineage Upstream: 0 Downstream: 22
Modified
Published: 23 Oct 2018, 15:00
Last modified:05 Aug 2024, 10:32
Vulnerability Summary
Overall Risk (default)
medium
31/100 CVSS Score
7.8 HIGH
v3.0 (cve.org)
EPSS Score
0.02% LOW
0% probability -0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Oct 2018, 15:00
Published
Vulnerability first disclosed
05 Aug 2024, 10:32
Last Modified
Vulnerability information updated
Description
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
CVSS Metrics
- v4.0•HIGH•Score: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.02%• Percentile: 7%
Techniques & Countermeasures
- CWE-311•Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
- CWE-214•Invocation of Process Using Visible Sensitive Information
A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
Affected Systems
- debian•debian_linux
8.0 | 9.0
- PyPI•ansible
≥ 2.7.0a1, < 2.7.1 | ≥ 2.6.0a1, < 2.6.7 | < 2.5.11
- redhat•ansible_engine
2.0 | 2.5 | 2.6 | 2.7
- redhat•ansible_tower
3.3.0
- suse•package_hub
na
- [unknown]•ansible
n/a
References (27)
- https://access.redhat.com/errata/RHSA-2018:3460
- http://www.securityfocus.com/bid/105700
- https://access.redhat.com/errata/RHSA-2018:3462
- https://access.redhat.com/errata/RHSA-2018:3505
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837
- https://access.redhat.com/errata/RHSA-2018:3463
- https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html
- https://access.redhat.com/errata/RHSA-2018:3461
- https://www.debian.org/security/2019/dsa-4396
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
- https://usn.ubuntu.com/4072-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
- https://access.redhat.com/security/cve/cve-2018-16837
- https://nvd.nist.gov/vuln/detail/CVE-2018-16837
- https://github.com/ansible/ansible/pull/47487
- https://github.com/ansible/ansible/pull/47486
- https://github.com/ansible/ansible/pull/47445
- https://github.com/ansible/ansible/pull/47436
- https://github.com/ansible/ansible/commit/77928e6c3a2ad878b20312ce5d74d9d7741e0df0
- https://github.com/ansible/ansible/commit/b618339c321c387230d3ea523e80ad47af3de5cf
- https://github.com/ansible/ansible/commit/f50cc0b8cb399bb7b7c1ad23b94c9404f0cc6d23
- https://web.archive.org/web/20200227105539/http://www.securityfocus.com/bid/105700
- https://usn.ubuntu.com/4072-1
- https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-44.yaml
- https://github.com/ansible/ansible/blob/c963ef1dfbf73efea5106624eb48b346f01eaefd/changelogs/CHANGELOG-v2.7.rst?plain=1#L138
- https://github.com/ansible/ansible