Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-9587

Опубликовано: 24 апр. 2018
Источник: debian
EPSS Низкий

Описание

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ansiblefixed2.2.0.0-3package
ansiblenot-affectedjessiepackage

Примечания

  • Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)

  • Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)

  • Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)

  • Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3

EPSS

Процентиль: 88%
0.0379
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-9587

CVSS3: 8.1
ubuntu
почти 8 лет назад

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

redhat логотип

CVE-2016-9587

CVSS3: 6.6
redhat
около 9 лет назад

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

nvd логотип

CVE-2016-9587

CVSS3: 8.1
nvd
почти 8 лет назад

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

github логотип

GHSA-m956-frf4-m2wr

CVSS3: 8.1
github
больше 7 лет назад

Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems

suse-cvrf логотип

SUSE-SU-2024:1509-1

suse-cvrf
почти 2 года назад

Security update for SUSE Manager Client Tools

EPSS

Процентиль: 88%
0.0379
Низкий