Lucene search

CVE-2016-8628

🗓️ 31 Jul 2018 20:00:29Reported by redhatType

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as

Reporter	Title	Published	Views	Family All 24
OSV	CVE-2016-8628	31 Jul 201820:29	–	osv
OSV	PYSEC-2018-38	31 Jul 201820:29	–	osv
OSV	RHSA-2016:2778 Red Hat Security Advisory: atomic-openshift-utils security and bug fix update	15 Sep 202423:47	–	osv
OSV	Ansible fails to properly sanitize fact variables sent from the Ansible controller	10 Oct 201817:23	–	osv
Github Security Blog	Ansible fails to properly sanitize fact variables sent from the Ansible controller	10 Oct 201817:23	–	github
RedhatCVE	CVE-2016-8628	12 Jan 201721:47	–	redhatcve
Tenable Nessus	RHEL 7 : atomic-openshift-utils (RHSA-2016:2778)	4 Dec 201800:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2016-8628	4 Mar 202500:00	–	nessus
Tenable Nessus	Fedora 25 : ansible (2016-3ccb098630)	21 Nov 201600:00	–	nessus
Tenable Nessus	Fedora 24 : ansible (2016-3113e71193)	8 Nov 201600:00	–	nessus

Nvd

Vulners

Node

redhat ansibleRange<2.2.0

[
  {
    "product": "Ansible",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.0"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/94109
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2016:2778

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Jul 2018 20:29Current

9.2High risk

Vulners AI Score9.2

CVSS29

CVSS37.6 - 9.1

EPSS0.01237

CWE-77