8.5

CVE-2017-7466

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatAnsible Version < 2.3
RedhatOpenstack Version10
RedhatOpenstack Version11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.16% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 2.1 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
secalert@redhat.com 8 2.1 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2017:1685
Third Party Advisory
http://www.securityfocus.com/bid/97595
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1244
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1334
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1476
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1499
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1599
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
Third Party Advisory
Issue Tracking