CVE-2018-16837

Current Description

The Ansible "User" module leaks any data that is passed as a parameter to ssh-keygen. This can lead to undesirable situations, such as passphrase credentials being passed as a parameter to the ssh-keygen executable, which exposes those credentials in clear text to every user who has access merely to the process list.

Basic Data

Published: October 23, 2018
Last Modified: October 03, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-311
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.1
Severity: LOW
Exploitability Score: 3.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: LOCAL
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: LOW
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 7.8
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.8
Base Severity: HIGH

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other
    2.3 | Application | Redhat | Ansible Engine | 2.0 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | Ansible Engine | 2.5 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | Ansible Engine | 2.6 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | Ansible Engine | 2.7 | * | * | * | * | * | * | *
    2.3 | Application | Redhat | Ansible Tower | 3.3.0 | * | * | * | * | * | * | *
  • OR - Configuration 2
    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other
    2.3 | OS | Debian | Debian Linux | 8.0 | * | * | * | * | * | * | *
    2.3 | OS | Debian | Debian Linux | 9.0 | * | * | * | * | * | * | *
  • AND
    • OR - Configuration 3
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other
      2.3 | Application | Suse | Package Hub | - | * | * | * | * | * | * | *
    • OR Running on/with:
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other
      2.3 | OS | Suse | Linux Enterprise | 12.0 | * | * | * | * | * | * | *
  (The Version Start Including, Version End Including, Version Start Excluding and Version End Excluding columns are empty for every row.)

Vulnerable Software List

Vendor | Product | Versions
Debian | Debian Linux | 8.0, 9.0
Redhat | Ansible Tower | 3.3.0
Redhat | Ansible Engine | 2.0, 2.5, 2.6, 2.7
Suse | Package Hub | -

References

Name | URL | Source | Tags
openSUSE-SU-2019:1125 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html | SUSE | Third Party Advisory
openSUSE-SU-2019:1635 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html | SUSE |
openSUSE-SU-2019:1858 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html | SUSE |
105700 | http://www.securityfocus.com/bid/105700 | BID | Third Party Advisory, VDB Entry
RHSA-2018:3460 | https://access.redhat.com/errata/RHSA-2018:3460 | REDHAT | Vendor Advisory
RHSA-2018:3461 | https://access.redhat.com/errata/RHSA-2018:3461 | REDHAT | Vendor Advisory
RHSA-2018:3462 | https://access.redhat.com/errata/RHSA-2018:3462 | REDHAT | Vendor Advisory
RHSA-2018:3463 | https://access.redhat.com/errata/RHSA-2018:3463 | REDHAT | Vendor Advisory
RHSA-2018:3505 | https://access.redhat.com/errata/RHSA-2018:3505 | REDHAT | Vendor Advisory
https://access.redhat.com/security/cve/cve-2018-16837 | https://access.redhat.com/security/cve/cve-2018-16837 | MISC | Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837 | CONFIRM | Issue Tracking, Vendor Advisory
[debian-lts-announce] 20181112 [SECURITY] [DLA 1576-1] ansible security update | https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html | MLIST | Mailing List, Third Party Advisory
USN-4072-1 | https://usn.ubuntu.com/4072-1/ | UBUNTU |
DSA-4396 | https://www.debian.org/security/2019/dsa-4396 | DEBIAN | Third Party Advisory