CVE-2017-7466 — Improper Input Validation in Red Hat Ansible
Severity
8.0 HIGH (NVD)
EPSS
2.7%
top 14.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 22
Latest update: May 13
Description
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9
Affected Packages: 4 packages
Vulnerability Details (4)
Vendor Advisories (2)
Community (5)
Bugzilla (2017-04-11): CVE-2017-7466 ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587) [epel-all]
Bugzilla (2017-04-11): CVE-2017-7466 ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587) [fedora-all]
Bugzilla (2017-04-11): CVE-2017-7466 ansible1.9: ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587) [epel-all]
Bugzilla (2017-04-11): CVE-2017-7466 ansible1.9: ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587) [fedora-all]
Bugzilla (2017-04-05): CVE-2017-7466 ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587)