Red Hat Ansible User Module Information Disclosure Vulnerability



A vulnerability in the User module of Red Hat Ansible could allow a local attacker to access sensitive information on a targeted system.

The vulnerability exists because the User module could leak information that is passed as a parameter to the ssh-keygen executable. An attacker could exploit this vulnerability to access sensitive information on a targeted system. A successful exploit could be used to conduct further attacks.

Red Hat has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-16837

Source:: Cisco Multivendor Vulnerability Alerts