<p>Upgrade <code>ansible</code> to version 2.7.1 or higher.</p>

Information Exposure Affecting ansible package, versions [,2.7.1)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.06% (28^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-ANSIBLE-72546
published 29 Oct 2018
disclosed 23 Oct 2018
credit Markus Teufelberger

Report a new vulnerability Found a mistake?

Introduced: 23 Oct 2018

CVE-2018-16837 Open this link in a new tab CWE-214 Open this link in a new tab

How to fix?

Upgrade ansible to version 2.7.1 or higher.

Overview

ansible is a radically simple IT automation system.

Affected versions of this package are vulnerable to Information Exposure. The User module would leak any data which is passed on as a parameter to ssh-keygen.

References

https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4
https://github.com/ansible/ansible/pull/47436
https://bugzilla.redhat.com/show_bug.cgi?id=1640642