Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12245

HistoryJan 15, 2019 - 9:14 a.m.

Command Injection

2019-01-1509:14:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

EPSS

0.002

Percentile

59.7%

ansible is vulnerable to command injection. It is possible due to a lack of the returned facts validation, allowing a remote host running ansible or via escalated permissions to alter connection or interpreter settings by injecting malicious command through it.

References

www.securityfocus.com/bid/94109

access.redhat.com/errata/RHSA-2016:2778

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1378929

bugzilla.redhat.com/show_bug.cgi?id=1382634

bugzilla.redhat.com/show_bug.cgi?id=1382936

bugzilla.redhat.com/show_bug.cgi?id=1383961

bugzilla.redhat.com/show_bug.cgi?id=1386333

bugzilla.redhat.com/show_bug.cgi?id=1389275

bugzilla.redhat.com/show_bug.cgi?id=1389928

bugzilla.redhat.com/show_bug.cgi?id=1391548

bugzilla.redhat.com/show_bug.cgi?id=1391608

bugzilla.redhat.com/show_bug.cgi?id=1391865

bugzilla.redhat.com/show_bug.cgi?id=1392169

bugzilla.redhat.com/show_bug.cgi?id=1392276

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628

EPSS

0.002

Percentile

59.7%

Related for VERACODE:12245

osv3 github1 redhatcve1 nessus5 nvd1 prion1 cvelist1 debiancve1 cve1 redhat1 ubuntucve1 fedora2 openvas2