CVE-2016-8647

CWE-20 — Improper Input Validation10 documents7 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 61.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Engine RED HAT Ansible Redhat Virtualization

Timeline

PublishedJul 26

Latest updateOct 10

Description

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

▶PyPIansible< 2.2.1.0

▶NVDredhat/ansible_engine< 2.2.1.0

▶Debianansible< 2.2.0.0-4+3

▶CVEListV5red_hat/ansible2.2.1.0

▶NVDredhat/virtualization4.1

🔴Vulnerability Details

GHSA

Improper Input Validation in ansible↗2018-10-10

▶

OSV

Improper Input Validation in ansible↗2018-10-10

▶

OSV

CVE-2016-8647: An input validation vulnerability was found in Ansible's mysql_user module before 2↗2018-07-26

▶

CVEList

CVE-2016-8647: An input validation vulnerability was found in Ansible's mysql_user module before 2↗2018-07-26

▶

📋Vendor Advisories

Red Hat

Ansible: in some circumstances the mysql_user module may fail to correctly change a password↗2016-10-26

▶

Debian

CVE-2016-8647: ansible - An input validation vulnerability was found in Ansible's mysql_user module befor...↗2016

▶

💬Community

Bugzilla

CVE-2016-8647 Ansible: in some circumstances the mysql_user module may fail to correctly change a password [epel-all]↗2016-11-17

▶

Bugzilla

CVE-2016-8647 Ansible: in some circumstances the mysql_user module may fail to correctly change a password [fedora-all]↗2016-11-17

▶

Bugzilla

CVE-2016-8647 Ansible: in some circumstances the mysql_user module may fail to correctly change a password↗2016-11-17

▶