7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
26.4%
Package : ansible
Version : 1.7.2+dfsg-2+deb8u1
CVE ID : CVE-2018-16837
Debian Bug : #912297
It was discovered that there was a potential SSH passphrase disclosure
vulnerability in the ansible configuration management system,
The "User" module leaked data that was passed as a parameter to the
ssh-keygen(1) utility, thus revealing any credentials in cleartext form
in the global process list.
For Debian 8 "Jessie", this issue has been fixed in ansible version
1.7.2+dfsg-2+deb8u1.
We recommend that you upgrade your ansible packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | ansible-node-fireball | < 1.7.2+dfsg-2+deb8u1 | ansible-node-fireball_1.7.2+dfsg-2+deb8u1_all.deb |
Debian | 9 | all | ansible | < 2.2.1.0-2+deb9u1 | ansible_2.2.1.0-2+deb9u1_all.deb |
Debian | 8 | all | ansible-doc | < 1.7.2+dfsg-2+deb8u1 | ansible-doc_1.7.2+dfsg-2+deb8u1_all.deb |
Debian | 8 | all | ansible-fireball | < 1.7.2+dfsg-2+deb8u1 | ansible-fireball_1.7.2+dfsg-2+deb8u1_all.deb |
Debian | 8 | all | ansible | < 1.7.2+dfsg-2+deb8u1 | ansible_1.7.2+dfsg-2+deb8u1_all.deb |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
26.4%