PT-2018-2517 · Red Hat+2 · Ansible+2

Borja Tarraso +1

Published: 2018-10-18 · Updated: 2026-06-03 · CVE-2018-16837

CVSS v4.0: 8.5 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ansible (affected versions not specified)

Description

The issue is in the Ansible "User" module, which leaks data passed as parameters to ssh-keygen. As a result, sensitive information such as passphrases or credentials can be exposed in clear text to users with access to the process list. An attacker who can read the process list could use this to gain unauthorized access to confidential user information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Encryption of Sensitive Data

Information Disclosure

Weakness Enumeration

Related identifiers

BDU:2019-00888
CVE-2018-16837
DLA-1576-1
DSA-4396-1
GHSA-HWRM-63V2-42G4
OPENSUSE-SU-2019:1125-1
OPENSUSE-SU-2019:1635-1
OPENSUSE-SU-2019:1858-1
OPENSUSE-SU-2019_1635-1
OPENSUSE-SU-2022:0081-1
OPENSUSE-SU-2024:10615-1
OPENSUSE-SU-2024:14244-1
OPENSUSE-SU-2024:14536-1
OPENSUSE-SU-2025:15605-1
OPENSUSE-SU-2025:15753-1
OPENSUSE-SU-2026:10944-1
PYSEC-2018-44
RHSA-2018:3460
RHSA-2018:3461
RHSA-2018:3462
RHSA-2018:3463
RHSA-2019:0564
RHSA-2019:0590
SUSE-SU-2020:3309-1
USN-4072-1

Affected products

Ansible
Suse
Ubuntu