CVE-2016-8614 — Improperly Implemented Security Check for Standard in Redhat Ansible
Severity
7.5HIGHNVD
CNA6.3
EPSS
0.1%
top 76.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 31
Latest updateMar 5
Description
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2016-8614 ansible: Improper verification of key fingerprints in apt_key module [epel-all]↗2016-11-01
Bugzilla▶
CVE-2016-8614 ansible1.9: ansible: Improper verification of key fingerprints in apt_key module [fedora-all]↗2016-11-01
Bugzilla▶
CVE-2016-8614 ansible: Improper verification of key fingerprints in apt_key module [fedora-all]↗2016-11-01
Bugzilla▶
CVE-2016-8614 ansible1.9: ansible: Improper verification of key fingerprints in apt_key module [epel-all]↗2016-11-01
Bugzilla
▶