Lucene search

K

Veracode Vulnerability DatabaseVERACODE:7638

HistoryOct 24, 2018 - 5:26 a.m.

Information Disclosure

2018-10-2405:26:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

0.001 Low

EPSS

Percentile

28.1%

ansible is vulnerable to information disclosure. The vulnerability exists in the user module when it passes the ssh_key_passphrase value to the ssh-keygen executable as a parameter, allowing any user with access to the process list to retrieve the passphrase in cleartext.

CPENameOperatorVersion
ansiblele2.7.0

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html

www.securityfocus.com/bid/105700

access.redhat.com/errata/RHSA-2018:3460

access.redhat.com/errata/RHSA-2018:3461

access.redhat.com/errata/RHSA-2018:3462

access.redhat.com/errata/RHSA-2018:3463

access.redhat.com/errata/RHSA-2018:3505

access.redhat.com/security/cve/cve-2018-16837

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837

github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4

lists.debian.org/debian-lts-announce/2018/11/msg00012.html

usn.ubuntu.com/4072-1/

www.debian.org/security/2019/dsa-4396

0.001 Low

EPSS

Percentile

28.1%

Related for VERACODE:7638

debian2 nessus10 redhat7 alpinelinux1 osv5 cve1 redhatcve1 github1 debiancve1 cvelist1 openvas5 veracode1 nvd1 ubuntucve1 prion1 mageia1 suse4 ubuntu1