CVE Vulnerabilities

CVE-2018-16837

Invocation of Process Using Visible Sensitive Information

Published: Oct 23, 2018 | Modified: Nov 21, 2024
CVSS 3.x: 7.8 HIGH (Source: NVD)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3: 7.8 MODERATE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

The Ansible User module leaks any data that is passed as a parameter to ssh-keygen. This can lead to undesirable situations, such as passphrase credentials being passed as a parameter to the ssh-keygen executable, which shows those credentials in clear text to every user who has access to the process list.

Weakness

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Affected Software

Name | Vendor | Start Version | End Version
Ansible_engine | Redhat | 2.0 (including) | 2.0 (including)
Ansible_engine | Redhat | 2.5 (including) | 2.5 (including)
Ansible_engine | Redhat | 2.6 (including) | 2.6 (including)
Ansible_engine | Redhat | 2.7 (including) | 2.7 (including)
Ansible_tower | Redhat | 3.3.0 (including) | 3.3.0 (including)
Red Hat Ansible Engine 2.5 for RHEL 7 | RedHat | ansible-0:2.5.11-1.el7ae | *
Red Hat Ansible Engine 2.6 for RHEL 7 | RedHat | ansible-0:2.6.7-1.el7ae | *
Red Hat Ansible Engine 2.7 for RHEL 7 | RedHat | ansible-0:2.7.1-1.el7ae | *
Red Hat Ansible Engine 2 for RHEL 7 | RedHat | ansible-0:2.7.1-1.el7ae | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | ansible-0:2.6.11-1.el7ae | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-ec2-api-0:6.0.1-0.20181123223255.1e25260.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-manila-1:6.0.2-5.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-selinux-0:0.8.17-2.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | openstack-tempest-1:18.0.0-6.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | os-apply-config-0:8.3.1-0.20180831234255.be699ba.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-barbicanclient-0:4.6.0-2.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-docker-0:2.4.2-2.el7 | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-heat-tests-tempest-0:0.1.1-0.20180514163845.9d99219.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-novajoin-0:1.0.22-1.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-openstackclient-0:3.14.3-2.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-openstacksdk-0:0.11.3-2.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-vmware-nsxlib-0:12.0.4-3.el7ost | *
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | rhosp-release-0:13.0.5-1.el7ost | *
Red Hat OpenStack Platform 14.0 (Rocky) | RedHat | ansible-0:2.6.11-1.el7ae | *
Ansible | Ubuntu | bionic | *
Ansible | Ubuntu | cosmic | *
Ansible | Ubuntu | esm-infra-legacy/trusty | *
Ansible | Ubuntu | trusty | *
Ansible | Ubuntu | trusty/esm | *
Ansible | Ubuntu | upstream | *
Ansible | Ubuntu | xenial | *

References