CVE-2018-16837
Information Leak vulnerability in ansible (PyPI)

Information Leak No known exploit

What is CVE-2018-16837 About?

This vulnerability is an information leak issue in the Ansible "User" module, which exposes sensitive data passed as parameters to ssh-keygen within the process list. This can lead to disclosure of credentials like passphrases to any user with access to the process list. Exploitation is relatively easy for an authenticated local attacker.

Affected Software

  • ansible
    • >=2.7.0a1, <2.7.1
    • <2.5.11
    • >=2.6.0a1, <2.6.7
    • >=2.7, <2.7.1

Technical Details

The Ansible "User" module, when invoked, passes parameters directly to the ssh-keygen executable. If sensitive data, such as passphrases, is included as a direct parameter to ssh-keygen, this data will be visible in plain text strings within the system's process list. Any local user with permissions to view running processes (e.g., via ps or /proc filesystem access) can retrieve these credentials, leading to an unauthorized information disclosure.
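The exposure described above, as an added example that is not Ansible's code: a stand-in Python child process takes the place of ssh-keygen, the secret is a constructed sample value, and the function names are hypothetical. It checks whether a secret is readable from the process list when passed as an argument (the way `ssh-keygen -N <passphrase>` receives one) and when it is handed over a stdin pipe instead.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "constructed-passphrase-123"  # constructed sample value, not a real credential

# Stand-in for ssh-keygen: blocks on stdin so it stays alive while we inspect it.
CHILD = "import sys; sys.stdin.read()"


def visible_argv(pid):
    """Return the command line that any local user can read for `pid`."""
    proc = Path(f"/proc/{pid}/cmdline")
    if proc.exists():  # Linux: arguments are NUL-separated
        return proc.read_bytes().replace(b"\0", b" ").decode(errors="replace")
    # Fallback for systems without /proc
    out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                         capture_output=True, text=True)
    return out.stdout


def secret_in_process_list(secret, via_argv):
    """Start the child, then report whether `secret` shows up in its argv."""
    argv = [sys.executable, "-c", CHILD]
    if via_argv:
        # Vulnerable pattern: the secret becomes part of the command line.
        argv += ["-N", secret]
    child = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        seen = visible_argv(child.pid)
    finally:
        # Safer pattern: the secret travels over a pipe only this process holds.
        child.communicate(b"" if via_argv else secret.encode())
    return secret in seen


if __name__ == "__main__":
    print("secret on command line ->", secret_in_process_list(SECRET, True))
    print("secret over stdin pipe ->", secret_in_process_list(SECRET, False))
```
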

What is the Impact of CVE-2018-16837?

Successful exploitation may allow attackers to gain unauthorized access to sensitive information, including credentials and passphrases, which could lead to further system compromise or unauthorized actions.

What is the Exploitability of CVE-2018-16837?

Exploitation complexity is low, primarily requiring local access to the system where Ansible is being executed. Authentication to the system is necessary to view the process list. No elevated privileges beyond standard user access to process information are required, though root access would grant full visibility. This is a local-only vulnerability. The primary risk factor is the execution of Ansible with sensitive data passed as parameters to ssh-keygen on multi-user systems.

What are the Known Public Exploits?

PoC Author Link Commentary
No known exploits

What are the Available Fixes for CVE-2018-16837?

Available Upgrade Options

  • ansible
    • <2.5.11 → Upgrade to 2.5.11
  • ansible
    • >=2.6.0a1, <2.6.7 → Upgrade to 2.6.7
  • ansible
    • >=2.7, <2.7.1 → Upgrade to 2.7.1


What are Similar Vulnerabilities to CVE-2018-16837?

Similar Vulnerabilities: CVE-2016-7075, CVE-2016-10706, CVE-2019-12450, CVE-2019-12449, CVE-2019-1387