// For flags

CVE-2018-16837

Ansible: Information leak in "user" module

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

El módulo "User" de Ansible filtra cualquier dato que se pasa como parámetro a ssh-keygen. Esto podría desembocar en situaciones no deseadas como el paso de credenciales de frase de contraseña como parámetro para el ejecutable ssh-keygen. Las credenciales se muestran en texto claro a cada usuario con acceso solo a la lista de procesos.

The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have access just to the process list.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-09-11 CVE Reserved
  • 2018-10-23 CVE Published
  • 2023-10-17 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-214: Invocation of Process Using Visible Sensitive Information
  • CWE-311: Missing Encryption of Sensitive Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Suse
Search vendor "Suse"
Package Hub
Search vendor "Suse" for product "Package Hub"
--
Affected
in Suse
Search vendor "Suse"
Linux Enterprise
Search vendor "Suse" for product "Linux Enterprise"
12.0
Search vendor "Suse" for product "Linux Enterprise" and version "12.0"
-
Safe
Redhat
Search vendor "Redhat"
Ansible Engine
Search vendor "Redhat" for product "Ansible Engine"
2.0
Search vendor "Redhat" for product "Ansible Engine" and version "2.0"
-
Affected
Redhat
Search vendor "Redhat"
Ansible Engine
Search vendor "Redhat" for product "Ansible Engine"
2.5
Search vendor "Redhat" for product "Ansible Engine" and version "2.5"
-
Affected
Redhat
Search vendor "Redhat"
Ansible Engine
Search vendor "Redhat" for product "Ansible Engine"
2.6
Search vendor "Redhat" for product "Ansible Engine" and version "2.6"
-
Affected
Redhat
Search vendor "Redhat"
Ansible Engine
Search vendor "Redhat" for product "Ansible Engine"
2.7
Search vendor "Redhat" for product "Ansible Engine" and version "2.7"
-
Affected
Redhat
Search vendor "Redhat"
Ansible Tower
Search vendor "Redhat" for product "Ansible Tower"
3.3.0
Search vendor "Redhat" for product "Ansible Tower" and version "3.3.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected