Search for packages
Package details: pkg:pypi/ansible@2.7
purl pkg:pypi/ansible@2.7
Tags Ghost
Next non-vulnerable version 8.5.0
Latest non-vulnerable version 8.5.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-4256-s7ta-aaar
Aliases:
CVE-2018-16837
GHSA-hwrm-63v2-42g4
PYSEC-2018-44
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.
2.7.1
Affected by 39 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:26:55.348226+00:00 GitLab Importer Affected by VCID-4256-s7ta-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-16837.yml 34.0.1
2024-01-03T17:52:51.972732+00:00 GitLab Importer Affected by VCID-4256-s7ta-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ansible/CVE-2018-16837.yml 34.0.0rc1