{"url":"http://public2.vulnerablecode.io/api/packages/56927?format=json","purl":"pkg:pypi/ansible@2.5","type":"pypi","namespace":"","name":"ansible","version":"2.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.0","latest_non_vulnerable_version":"12.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35275?format=json","vulnerability_id":"VCID-yre5-mmmj-q3bn","summary":"Ansible \"User\" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3460","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3461","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3462","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3463","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3505","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"reference_url":"https://access.redhat.com/security/cve/cve-2018-16837","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2018-16837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.5/changelogs/CHANGELOG-v2.5.rst#v2511"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst#v267"},{"reference_url":"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#v2-7-1"},{"reference_url":"https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/commit/a0aa53d1a1d6075a7ae98ace138712ee6cb45ae4"},{"reference_url":"https://github.com/ansible/ansible/pull/47436","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ansible/ansible/pull/47436"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/4072-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4072-1/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4396","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4396"},{"reference_url":"http://www.securityfocus.com/bid/105700","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105700"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16837","reference_id":"CVE-2018-16837","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16837"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12357?format=json","purl":"pkg:pypi/ansible@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/12356?format=json","purl":"pkg:pypi/ansible@2.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/12355?format=json","purl":"pkg:pypi/ansible@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sty-hqbq-63hy"},{"vulnerability":"VCID-2z4k-r21v-rfgx"},{"vulnerability":"VCID-5p9q-7q6e-vkg8"},{"vulnerability":"VCID-78m2-3fj5-tbh1"},{"vulnerability":"VCID-7ben-361w-tkdr"},{"vulnerability":"VCID-7qnx-1gp2-v7bb"},{"vulnerability":"VCID-833d-up6b-rfe1"},{"vulnerability":"VCID-8u2v-jtqe-dqg3"},{"vulnerability":"VCID-am9g-ba4h-sfhr"},{"vulnerability":"VCID-cuq1-se5h-vygd"},{"vulnerability":"VCID-cxts-25nq-4fcs"},{"vulnerability":"VCID-dkds-s3ad-cufa"},{"vulnerability":"VCID-etb4-2qch-6kgw"},{"vulnerability":"VCID-frk2-9jfm-cybm"},{"vulnerability":"VCID-gm99-68bj-c3cz"},{"vulnerability":"VCID-gxw4-ydnj-fkfe"},{"vulnerability":"VCID-hjc4-jcfm-7be5"},{"vulnerability":"VCID-hpqa-ysnc-b7dw"},{"vulnerability":"VCID-hq4d-92s2-vqg6"},{"vulnerability":"VCID-hs3w-mah1-ckb5"},{"vulnerability":"VCID-k8a2-5yfh-j7gp"},{"vulnerability":"VCID-mbj9-3bnb-wbda"},{"vulnerability":"VCID-p4p5-29r5-8qh9"},{"vulnerability":"VCID-pqj1-u787-g3aj"},{"vulnerability":"VCID-qztj-r7zc-jue3"},{"vulnerability":"VCID-subj-aje2-93bk"},{"vulnerability":"VCID-v5kk-umvk-6fgg"},{"vulnerability":"VCID-vhxq-1hqq-77bx"},{"vulnerability":"VCID-vsv2-4d8c-m3g1"},{"vulnerability":"VCID-vxkb-9p6a-5yan"},{"vulnerability":"VCID-w2n8-uxbb-k7f9"},{"vulnerability":"VCID-x4mr-vrp9-ufg6"},{"vulnerability":"VCID-ykkx-swgs-vybn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.1"}],"aliases":["CVE-2018-16837","PYSEC-2018-44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yre5-mmmj-q3bn"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.5"}