Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
                
            Metrics
Affected Vendors & Products
Advisories
    | Source | ID | Title | 
|---|---|---|
|  Debian DLA | DLA-1576-1 | ansible security update | 
|  Debian DSA | DSA-4396-1 | ansible security update | 
|  EUVD | EUVD-2018-0017 | Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. | 
|  Github GHSA | GHSA-hwrm-63v2-42g4 | Ansible Leaks Data Passed to ssh-keygen | 
|  Ubuntu USN | USN-4072-1 | Ansible vulnerabilities | 
Fixes
    Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
        History
                    No history.
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-05T10:32:54.010Z
Reserved: 2018-09-11T00:00:00
Link: CVE-2018-16837
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2018-10-23T15:29:00.607
Modified: 2024-11-21T03:53:24.797
Link: CVE-2018-16837
 Redhat
                        Redhat
                     OpenCVE Enrichment
                        OpenCVE Enrichment
                    No data.