Lucene search
GoogleOSV:GHSA-JG4F-JQM5-4MGQHistoryOct 10, 2018 - 5:23 p.m.
Ansible fails to properly sanitize fact variables sent from the Ansible controller
2018-10-1017:23:14
Google
osv.dev
12
EPSS
0.002
Percentile
59.7%
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
References
www.securityfocus.com/bid/94109
access.redhat.com/errata/RHSA-2016:2778
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628
github.com/advisories/GHSA-jg4f-jqm5-4mgq
github.com/ansible/ansible
github.com/ansible/ansible/commit/35938b907dfcd1106ca40b794f0db446bdb8cf09
github.com/ansible/ansible/issues/41903
nvd.nist.gov/vuln/detail/CVE-2016-8628
Related
osv
osv
CVE-2016-8628
2018-07-31 20:29:00
PYSEC-2018-38
2018-07-31 20:29:00
github
github
redhatcve
redhatcve
CVE-2016-8628
2017-01-12 21:47:42
nessus
nessus
RHEL 7 : atomic-openshift-utils (RHSA-2016:2778)
2018-12-04 00:00:00
Fedora 24 : ansible (2016-3113e71193)
2016-11-08 00:00:00
Fedora 25 : ansible (2016-3ccb098630)
2016-11-21 00:00:00
nvd
nvd
CVE-2016-8628
2018-07-31 20:29:00
cvelist
cvelist
CVE-2016-8628
2018-07-31 20:00:00
prion
prion
Design/Logic Flaw
2018-07-31 20:29:00
debiancve
debiancve
CVE-2016-8628
2018-07-31 20:29:00
cve
cve
CVE-2016-8628
2018-07-31 20:29:00
veracode
veracode
Command Injection
2019-01-15 09:14:44
redhat
redhat
ubuntucve
ubuntucve
CVE-2016-8628
2018-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: ansible-2.2.0.0-3.fc24
2016-11-07 23:35:09
[SECURITY] Fedora 25 Update: ansible-2.2.0.0-3.fc25
2016-11-19 22:01:28
openvas
openvas
Fedora Update for ansible FEDORA-2016-3ccb098630
2016-12-07 00:00:00
Fedora Update for ansible FEDORA-2016-3113e71193
2016-12-02 00:00:00