CVE-2017-7466

EUVD-2018-0013
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
redhatCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
redhatansible
𝑥
< 2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ansible
bookworm
7.7.0+dfsg-3+deb12u1
fixed
bullseye
2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
fixed
jessie
not-affected
sid
10.5.0+dfsg-2
fixed
trixie
10.5.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ansible
artful
ignored
bionic
not-affected
precise
dne
trusty
not-affected
xenial
Fixed 2.0.0.2-2ubuntu1.1
released
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97595
https://access.redhat.com/errata/RHSA-2017:1244
https://access.redhat.com/errata/RHSA-2017:1334
https://access.redhat.com/errata/RHSA-2017:1476
https://access.redhat.com/errata/RHSA-2017:1499
https://access.redhat.com/errata/RHSA-2017:1599
https://access.redhat.com/errata/RHSA-2017:1685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
http://www.securityfocus.com/bid/97595
https://access.redhat.com/errata/RHSA-2017:1244
https://access.redhat.com/errata/RHSA-2017:1334
https://access.redhat.com/errata/RHSA-2017:1476
https://access.redhat.com/errata/RHSA-2017:1499
https://access.redhat.com/errata/RHSA-2017:1599
https://access.redhat.com/errata/RHSA-2017:1685
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466