Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-1576-1 | ansible security update |
![]() |
DSA-4396-1 | ansible security update |
![]() |
EUVD-2018-0017 | Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. |
![]() |
GHSA-hwrm-63v2-42g4 | Ansible Leaks Data Passed to ssh-keygen |
![]() |
USN-4072-1 | Ansible vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-05T10:32:54.010Z
Reserved: 2018-09-11T00:00:00
Link: CVE-2018-16837

No data.

Status : Modified
Published: 2018-10-23T15:29:00.607
Modified: 2024-11-21T03:53:24.797
Link: CVE-2018-16837


No data.