EPSS
Percentile
53.3%
ansible is vulnerable to incorrect key verification. The library does not verify key fingerprints before uploading them. This allows a malicious user to generate a key with the desired 16 digit id and upload it to the server.
www.securityfocus.com/bid/94108
bugzilla.redhat.com/show_bug.cgi?id=1388038
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614
github.com/ansible/ansible-modules-core/issues/5237
github.com/ansible/ansible-modules-core/pull/5353
github.com/ansible/ansible-modules-core/pull/5357