exploitDog

CVE-2016-8628

Published: 01 Nov 2016
Source: redhat
CVSS3: 7.6
CVSS2: 6.8
EPSS: Low

Description

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Gluster Storage 3.1 | ansible | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | ansible | Not affected | | |
| Red Hat Quickstart Cloud Installer 1 | ansible | Affected | | |
| Red Hat Storage Console 2 | ansible | Not affected | | |
| Red Hat OpenShift Container Platform 3.2 | ansible | Fixed | RHSA-2016:2778 | 15.11.2016 |
| Red Hat OpenShift Container Platform 3.2 | openshift-ansible | Fixed | RHSA-2016:2778 | 15.11.2016 |
| Red Hat OpenShift Container Platform 3.3 | ansible | Fixed | RHSA-2016:2778 | 15.11.2016 |
| Red Hat OpenShift Container Platform 3.3 | openshift-ansible | Fixed | RHSA-2016:2778 | 15.11.2016 |

Additional information

Status: Moderate
Defect: CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=1388113 ansible: Command injection by compromised server via fact variables

EPSS: 0.00445 (percentile: 63%, Low)
CVSS3: 7.6 High
CVSS2: 6.8 Medium

Related vulnerabilities

CVSS3: 7.6
ubuntu
more than 7 years ago

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

CVSS3: 7.6
nvd
more than 7 years ago

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

CVSS3: 7.6
debian
more than 7 years ago

Ansible before version 2.2.0 fails to properly sanitize fact variables ...

CVSS3: 9.1
github
more than 7 years ago

Ansible fails to properly sanitize fact variables sent from the Ansible controller

suse-cvrf
almost 2 years ago

Security update for SUSE Manager Client Tools