Lucene search

K

GoogleOSV:PYSEC-2018-37

HistoryJul 31, 2018 - 9:29 p.m.

PYSEC-2018-37

2018-07-3121:29:00

Google

osv.dev

10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.2%

A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

CPENameOperatorVersion
ansibleeq2.0.0
ansibleeq1.6
ansibleeq1.5.1
ansibleeq1.8.4
ansibleeq1.3.4
ansibleeq1.7.1
ansibleeq2.0.0.1
ansibleeq2.1.3.0
ansibleeq1.3.1
ansibleeq1.2

Rows per page:

1-10 of 631

References

www.securityfocus.com/bid/94108

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614

github.com/advisories/GHSA-cmwx-9m2h-x7v4

github.com/ansible/ansible-modules-core/issues/5237

github.com/ansible/ansible-modules-core/pull/5353

github.com/ansible/ansible-modules-core/pull/5357

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.2%

Related for OSV:PYSEC-2018-37

osv2 cve1 ubuntucve1 cvelist1 prion1 debiancve1 veracode1 redhatcve1 github1 openvas3 nessus4 fedora2 mageia1