Fluid Attacks Database

Description

Ansible Leaks Data Passed to ssh-keygen Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.9	ansible	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| =2.6.0-r0 \|\| =2.6.1-r0 \|\| =2.6.3-r0 \|\| =2.7.0-r0 \|\| =2.7.0-r1 \|\| >=0 <2.7.1-r0	2.7.1-r0
debian 11	ansible	>=0 <2.7.1+dfsg-1	2.7.1+dfsg-1
alpine v3.8	ansible	=0.3.1-r0 \|\| =0.4-r0 \|\| =0.5-r0 \|\| =0.7-r0 \|\| =0.7.1-r0 \|\| =0.8-r0 \|\| =0.9-r0 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.1-r0 \|\| =1.1-r1 \|\| =1.2-r1 \|\| =1.2.1-r1 \|\| =1.2.2-r0 \|\| =1.2.3-r0 \|\| =1.3.3-r0 \|\| =1.3.4-r0 \|\| =1.4.1-r0 \|\| =1.4.3-r0 \|\| =1.4.5-r0 \|\| =1.5.0-r0 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.6.1-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8.0-r0 \|\| =1.8.2-r0 \|\| =1.8.4-r0 \|\| =1.9.2-r0 \|\| =1.9.2-r1 \|\| =1.9.3-r0 \|\| =1.9.3-r1 \|\| =1.9.4-r0 \|\| =2.0.0.2-r0 \|\| =2.0.0.2-r1 \|\| =2.0.1.0-r1 \|\| =2.1.0.0-r0 \|\| =2.1.1.0-r0 \|\| =2.1.2.0-r0 \|\| =2.2.0.0-r0 \|\| =2.2.1.0-r0 \|\| =2.2.1.0-r1 \|\| =2.2.2.0-r0 \|\| =2.3.0.0-r0 \|\| =2.3.0.0-r1 \|\| =2.3.1.0-r0 \|\| =2.3.2.0-r0 \|\| =2.4.0.0-r0 \|\| =2.4.1.0-r0 \|\| =2.4.2.0-r0 \|\| =2.4.3.0-r0 \|\| =2.5.0-r0 \|\| =2.5.2-r0 \|\| =2.5.4-r0 \|\| =2.5.5-r0 \|\| >=0 <2.5.11-r0	2.5.11-r0
debian 12	ansible	>=0 <2.7.1+dfsg-1	2.7.1+dfsg-1
debian 13	ansible	>=0 <2.7.1+dfsg-1	2.7.1+dfsg-1
debian 14	ansible	>=0 <2.7.1+dfsg-1	2.7.1+dfsg-1
pypi	ansible	>=2.7.0a1 <2.7.1 \|\| >=2.6.0a1 <2.6.7 \|\| >=0 <2.5.11	2.7.1, 2.6.7, 2.5.11

Aliases

1. CVE-2018-168372. NVD-2018-168373. OSV-ALPINE-2018-168374. OSV-2018-168375. OSV-DEBIAN-2018-168376. GCVE-2018-168377. SECURITY-CVE-2018-168378. SECURITY-TRACKER-CVE-2018-168379. lists.debian.org10. ACCESS-cve-2018-1683711. access.redhat.com12. access.redhat.com13. access.redhat.com14. access.redhat.com15. access.redhat.com

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.