VDB
PYSEC-2018-44
PYSEC-2018-44
PUBLISHED
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | ansible | 1.3.3, 2.7, 2.6 |
Timeline
- Oct 23, 2018 CVE Published
- Apr 22, 2024 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837 report
- http://www.securityfocus.com/bid/105700 url
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html url
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html url
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html url
- https://access.redhat.com/errata/RHSA-2018:3463 advisory
- https://access.redhat.com/errata/RHSA-2018:3462 advisory
- https://access.redhat.com/errata/RHSA-2018:3461 advisory
- https://access.redhat.com/errata/RHSA-2018:3460 advisory
- https://access.redhat.com/errata/RHSA-2018:3505 advisory
- https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html advisory
- https://access.redhat.com/security/cve/cve-2018-16837 advisory
- https://www.debian.org/security/2019/dsa-4396 advisory
- https://usn.ubuntu.com/4072-1/ advisory