7.5

CVE-2016-8614

Exploit
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatAnsible Version < 2.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.46% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
secalert@redhat.com 6.3 2.8 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

http://www.securityfocus.com/bid/94108
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8614
Patch
Third Party Advisory
Exploit
Issue Tracking
https://github.com/ansible/ansible-modules-core/issues/5237
Third Party Advisory
Exploit
https://github.com/ansible/ansible-modules-core/pull/5353
Third Party Advisory
https://github.com/ansible/ansible-modules-core/pull/5357
Third Party Advisory