CVE-2016-9587

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
redhatansible
𝑥
< 2.1.4
ansibleansible
𝑥
< 2.2.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ansible
bullseye
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
fixed
jessie
not-affected
bookworm
7.7.0+dfsg-3+deb12u1
fixed
sid
10.5.0+dfsg-2
fixed
trixie
10.5.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ansible
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 2.0.0.2-2ubuntu1.1
released
trusty
not-affected
precise
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2017-0195.html
http://rhn.redhat.com/errata/RHSA-2017-0260.html
http://www.securityfocus.com/bid/95352
https://access.redhat.com/errata/RHSA-2017:0448
https://access.redhat.com/errata/RHSA-2017:0515
https://access.redhat.com/errata/RHSA-2017:1685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
https://security.gentoo.org/glsa/201701-77
https://www.exploit-db.com/exploits/41013/
http://rhn.redhat.com/errata/RHSA-2017-0195.html
http://rhn.redhat.com/errata/RHSA-2017-0260.html
http://www.securityfocus.com/bid/95352
https://access.redhat.com/errata/RHSA-2017:0448
https://access.redhat.com/errata/RHSA-2017:0515
https://access.redhat.com/errata/RHSA-2017:1685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587
https://security.gentoo.org/glsa/201701-77
https://www.exploit-db.com/exploits/41013/