exploitDog

CVE-2016-9587

Published: 09 Jan 2017
Source: redhat
CVSS3: 6.6
CVSS2: 6.8

Description

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 11 (Ocata) | ansible | Affected | | |
| Red Hat Quickstart Cloud Installer 1 | ansible | Will not fix | | |
| Red Hat Gluster Storage 3.1 for RHEL 7 | ansible | Fixed | RHSA-2017:0260 | 07.02.2017 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | gdeploy | Fixed | RHSA-2017:0260 | 07.02.2017 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | python-passlib | Fixed | RHSA-2017:0260 | 07.02.2017 |
| Red Hat OpenShift Container Platform 3.2 | ansible | Fixed | RHSA-2017:0448 | 06.03.2017 |
| Red Hat OpenShift Container Platform 3.2 | openshift-ansible | Fixed | RHSA-2017:0448 | 06.03.2017 |
| Red Hat OpenShift Container Platform 3.3 | ansible | Fixed | RHSA-2017:0448 | 06.03.2017 |
| Red Hat OpenShift Container Platform 3.3 | openshift-ansible | Fixed | RHSA-2017:0448 | 06.03.2017 |
| Red Hat OpenShift Container Platform 3.4 | ansible | Fixed | RHSA-2017:0448 | 06.03.2017 |

Additional information

Status: Important
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1404378 (Ansible: Compromised remote hosts can lead to running commands on the Ansible controller)

CVSS3: 6.6 Medium
CVSS2: 6.8 Medium

Related vulnerabilities

CVSS3: 8.1
ubuntu
almost 8 years ago

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

CVSS3: 8.1
nvd
almost 8 years ago

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.

CVSS3: 8.1
debian
almost 8 years ago

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper inpu ...

CVSS3: 8.1
github
more than 7 years ago

Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems

suse-cvrf
almost 2 years ago

Security update for SUSE Manager Client Tools
