CVE-2016-8628
7.6
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Ansible | 2.2.0 | affected |
Weaknesses
- CWE-77: CWE-77
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2016:2778
- http://www.securityfocus.com/bid/94109
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628
References
- https://access.redhat.com/errata/RHSA-2016:2778
- http://www.securityfocus.com/bid/94109
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.