Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Ansible by unspecified

    CVE-2016-9587 (GCVE-0-2016-9587)

    Vulnerability from nvd – Published: 2018-04-24 16:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:0515 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/41013/ exploitx_refsource_EXPLOIT-DB
    https://security.gentoo.org/glsa/201701-77 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1685 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/95352 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:0448 vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2017-0195.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0260.html vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    unspecified Ansible Affected: ansible 2.1.4
    Affected: ansible 2.2.1
    Create a notification for this product.
    Date Public
    2017-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:02.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:0515",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0515"
              },
              {
                "name": "41013",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41013/"
              },
              {
                "name": "GLSA-201701-77",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-77"
              },
              {
                "name": "RHSA-2017:1685",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1685"
              },
              {
                "name": "95352",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95352"
              },
              {
                "name": "RHSA-2017:0448",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0448"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
              },
              {
                "name": "RHSA-2017:0195",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
              },
              {
                "name": "RHSA-2017:0260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ansible",
              "vendor": "unspecified",
              "versions": [
                {
                  "status": "affected",
                  "version": "ansible 2.1.4"
                },
                {
                  "status": "affected",
                  "version": "ansible 2.2.1"
                }
              ]
            }
          ],
          "datePublic": "2017-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-25T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:0515",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0515"
            },
            {
              "name": "41013",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41013/"
            },
            {
              "name": "GLSA-201701-77",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-77"
            },
            {
              "name": "RHSA-2017:1685",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1685"
            },
            {
              "name": "95352",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95352"
            },
            {
              "name": "RHSA-2017:0448",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0448"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
            },
            {
              "name": "RHSA-2017:0195",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
            },
            {
              "name": "RHSA-2017:0260",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-9587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ansible",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ansible 2.1.4"
                              },
                              {
                                "version_value": "ansible 2.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": ""
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:0515",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0515"
                },
                {
                  "name": "41013",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41013/"
                },
                {
                  "name": "GLSA-201701-77",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-77"
                },
                {
                  "name": "RHSA-2017:1685",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1685"
                },
                {
                  "name": "95352",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95352"
                },
                {
                  "name": "RHSA-2017:0448",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0448"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
                },
                {
                  "name": "RHSA-2017:0195",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
                },
                {
                  "name": "RHSA-2017:0260",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9587",
        "datePublished": "2018-04-24T16:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:02.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9587 (GCVE-0-2016-9587)

    Vulnerability from cvelistv5 – Published: 2018-04-24 16:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:0515 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/41013/ exploitx_refsource_EXPLOIT-DB
    https://security.gentoo.org/glsa/201701-77 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:1685 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/95352 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:0448 vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2017-0195.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-0260.html vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    unspecified Ansible Affected: ansible 2.1.4
    Affected: ansible 2.2.1
    Create a notification for this product.
    Date Public
    2017-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:02.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:0515",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0515"
              },
              {
                "name": "41013",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41013/"
              },
              {
                "name": "GLSA-201701-77",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-77"
              },
              {
                "name": "RHSA-2017:1685",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1685"
              },
              {
                "name": "95352",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95352"
              },
              {
                "name": "RHSA-2017:0448",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:0448"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
              },
              {
                "name": "RHSA-2017:0195",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
              },
              {
                "name": "RHSA-2017:0260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ansible",
              "vendor": "unspecified",
              "versions": [
                {
                  "status": "affected",
                  "version": "ansible 2.1.4"
                },
                {
                  "status": "affected",
                  "version": "ansible 2.2.1"
                }
              ]
            }
          ],
          "datePublic": "2017-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-25T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:0515",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0515"
            },
            {
              "name": "41013",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41013/"
            },
            {
              "name": "GLSA-201701-77",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-77"
            },
            {
              "name": "RHSA-2017:1685",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1685"
            },
            {
              "name": "95352",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95352"
            },
            {
              "name": "RHSA-2017:0448",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:0448"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
            },
            {
              "name": "RHSA-2017:0195",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
            },
            {
              "name": "RHSA-2017:0260",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-9587",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ansible",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ansible 2.1.4"
                              },
                              {
                                "version_value": "ansible 2.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": ""
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible\u0027s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:0515",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0515"
                },
                {
                  "name": "41013",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41013/"
                },
                {
                  "name": "GLSA-201701-77",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-77"
                },
                {
                  "name": "RHSA-2017:1685",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1685"
                },
                {
                  "name": "95352",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95352"
                },
                {
                  "name": "RHSA-2017:0448",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:0448"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587"
                },
                {
                  "name": "RHSA-2017:0195",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html"
                },
                {
                  "name": "RHSA-2017:0260",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9587",
        "datePublished": "2018-04-24T16:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:02.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }