7.8

CVE-2018-16837

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatAnsible Engine Version2.0
RedhatAnsible Engine Version2.5
RedhatAnsible Engine Version2.6
RedhatAnsible Engine Version2.7
RedhatAnsible Tower Version3.3.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
SusePackage Hub Version-
   SuseLinux Enterprise Version12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.271
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-214 Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://access.redhat.com/errata/RHSA-2018:3505
Vendor Advisory
https://usn.ubuntu.com/4072-1/
https://www.debian.org/security/2019/dsa-4396
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
http://www.securityfocus.com/bid/105700
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3460
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3461
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3462
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3463
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837
Vendor Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html
Third Party Advisory
Mailing List
https://access.redhat.com/security/cve/cve-2018-16837
Vendor Advisory