CVE-2013-2233

Опубликовано: 04 мая 2018

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

Ссылки

http://www.openwall.com/lists/oss-security/2013/07/01/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/07/02/6
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=980821
Issue Tracking
https://github.com/ansible/ansible/issues/857
Issue Tracking
Third Party Advisory
https://www.ansible.com/security
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/07/01/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/07/02/6
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=980821
Issue Tracking
https://github.com/ansible/ansible/issues/857
Issue Tracking
Third Party Advisory
https://www.ansible.com/security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*

Версия до 1.2.1 (исключая)

EPSS

Процентиль: 57%

0.0035

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-320

Связанные уязвимости

CVE-2013-2233

CVSS3: 7.4

ubuntu

почти 8 лет назад

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

CVE-2013-2233

CVSS3: 7.4

debian

почти 8 лет назад

Ansible before 1.2.1 makes it easier for remote attackers to conduct m ...

GHSA-9x6q-5423-w5v9

CVSS3: 7.4

github

больше 7 лет назад

Ansible fails to cache SSH host keys

EPSS

Процентиль: 57%

0.0035

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-320