vulnerability

Red Hat: CVE-2018-16837: Low: Red Hat Enterprise Linux OpenStack Platform security update (RHSA-2019:0564)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Oct 23, 2018	Sep 5, 2019	Mar 3, 2021

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 23, 2018

Added

Sep 5, 2019

Modified

Mar 3, 2021

Description

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

Solutions

redhat-upgrade-python-openstackclient-langredhat-upgrade-python2-barbicanclientredhat-upgrade-python2-openstackclientredhat-upgrade-python2-openstacksdk

References

BID-105700
DEBIAN-DSA-4396
NVD-CVE-2018-16837
REDHAT-RHSA-2018:3460
REDHAT-RHSA-2018:3461
REDHAT-RHSA-2018:3462
REDHAT-RHSA-2018:3463
REDHAT-RHSA-2018:3505

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report